From 4d6fbc52713c0423aa04f74ae330867fac488b86 Mon Sep 17 00:00:00 2001 From: Hag Date: Mon, 29 Jul 2019 13:22:41 +0300 Subject: [PATCH 1/5] Set IoTSecuritySolutions & IoTSecuritySolutionAnalytics API as stable --- .../CreateIoTSecuritySolution_example.json | 262 +++++ .../DeleteIoTSecuritySolution_example.json | 12 + .../GetIoTSecuritySolution_example.json | 121 +++ ...itySolutionsListByIotHubAndRg_example.json | 127 +++ ...SecuritySolutionsListByIotHub_example.json | 126 +++ ...tIoTSecuritySolutionsListByRg_example.json | 124 +++ .../GetIoTSecuritySolutionsList_example.json | 234 +++++ .../UpdateIoTSecuritySolution_example.json | 148 +++ ...nsSecurityAggregatedAlertList_example.json | 54 ++ ...utionsSecurityAggregatedAlert_example.json | 32 + ...olutionsSecurityAnalyticsList_example.json | 95 ++ ...itySolutionsSecurityAnalytics_example.json | 91 ++ ...onsSecurityRecommendationList_example.json | 50 + ...lutionsSecurityRecommendation_example.json | 30 + ...ecurityAggregatedAlertDismiss_example.json | 12 + .../iotSecuritySolutionAnalytics.json | 916 ++++++++++++++++++ .../2019-08-01/iotSecuritySolutions.json | 659 +++++++++++++ .../security/resource-manager/readme.md | 4 +- 18 files changed, 3095 insertions(+), 2 deletions(-) create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/CreateIoTSecuritySolution_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/DeleteIoTSecuritySolution_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolution_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/UpdateIoTSecuritySolution_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/CreateIoTSecuritySolution_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/CreateIoTSecuritySolution_example.json new file mode 100644 index 000000000000..70b99f07679a --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/CreateIoTSecuritySolution_example.json @@ -0,0 +1,262 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyGroup", + "solutionName": "default", + "iotSecuritySolutionData": { + "tags": {}, + "location": "East Us", + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [], + "disabledDataSources": [], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_OpenPorts", + "status": "Disabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "status": "Disabled" + } + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/Locations/eastus/IoTSecuritySolutions/default", + "name": "default", + "type": "Microsoft.Security/IoTSecuritySolutions", + "location": "East Us", + "tags": {}, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [], + "disabledDataSources": [], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/Locations/eastus/IoTSecuritySolutions/default", + "name": "default", + "type": "Microsoft.Security/IoTSecuritySolutions", + "location": "East Us", + "tags": {}, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [], + "disabledDataSources": [], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/DeleteIoTSecuritySolution_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/DeleteIoTSecuritySolution_example.json new file mode 100644 index 000000000000..0c7bc0bf2944 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/DeleteIoTSecuritySolution_example.json @@ -0,0 +1,12 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyGroup", + "solutionName": "default" + }, + "responses": { + "204": {}, + "200": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolution_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolution_example.json new file mode 100644 index 000000000000..a45c0ff3aaba --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolution_example.json @@ -0,0 +1,121 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyGroup", + "solutionName": "default" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "name": "default", + "type": "Microsoft.Security/IoTSecuritySolutions", + "location": "East Us", + "tags": {}, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [], + "disabledDataSources": [], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg_example.json new file mode 100644 index 000000000000..8c5ae9396b5f --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg_example.json @@ -0,0 +1,127 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyRg", + "$filter": "properties.iotHubs/any(i eq \"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub\")" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyRg/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "name": "default", + "type": "Microsoft.Security/IoTSecuritySolutions", + "location": "East Us", + "tags": {}, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [ + "RawEvents" + ], + "disabledDataSources": [ ], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub_example.json new file mode 100644 index 000000000000..c8e79dce066e --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub_example.json @@ -0,0 +1,126 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "$filter": "properties.iotHubs/any(i eq \"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub\")" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "name": "default", + "type": "Microsoft.Security/IoTSecuritySolutions", + "location": "East Us", + "tags": {}, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [ + "RawEvents" + ], + "disabledDataSources": [ ], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg_example.json new file mode 100644 index 000000000000..91a826fcd064 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg_example.json @@ -0,0 +1,124 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyGroup" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "name": "default", + "location": "East Us", + "type": "Microsoft.Security/IoTSecuritySolutions", + "tags": {}, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [ ], + "disabledDataSources": [ ], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList_example.json new file mode 100644 index 000000000000..a1f086805d86 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList_example.json @@ -0,0 +1,234 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "name": "default", + "location": "East Us", + "type": "Microsoft.Security/IoTSecuritySolutions", + "tags": {}, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [ ], + "disabledDataSources": [ ], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + }, + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SecondGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/sec-solution", + "name": "sec-solution", + "location": "East Us", + "type": "Microsoft.Security/IoTSecuritySolutions", + "tags": { }, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [ + "RawEvents" + ], + "disabledDataSources": [ ], + "displayName": "Second Solution", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/IotHubSecond" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/IotHubSecond" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/UpdateIoTSecuritySolution_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/UpdateIoTSecuritySolution_example.json new file mode 100644 index 000000000000..1124a2cd860f --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/UpdateIoTSecuritySolution_example.json @@ -0,0 +1,148 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "myRg", + "solutionName": "default", + "updateIotSecuritySolutionData": { + "tags": { + "foo": "bar" + }, + "properties": { + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"v2\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_OpenPorts", + "status": "Disabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "status": "Disabled" + } + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/Locations/eastus/IoTSecuritySolutions/default", + "name": "default", + "type": "Microsoft.Security/IoTSecuritySolutions", + "location": "East Us", + "tags": { + "foo": "bar" + }, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [ + "RawEvents" + ], + "disabledDataSources": [ ], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"v2\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList_example.json new file mode 100644 index 000000000000..91c29bdf1d04 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList_example.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyGroup", + "solutionName": "default" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Fail/2019-02-02", + "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Fail/2019-02-02", + "type": "Microsoft.Security/IoTSecurityAggregatedAlert", + "properties": { + "alertType": "IoT_Bruteforce_Fail", + "alertDisplayName": "Failed Bruteforce", + "aggregatedDateUtc": "2019-02-02", + "vendorName": "Microsoft", + "reportedSeverity": "Low", + "remediationSteps": "", + "description": "Multiple unsuccsseful login attempts identified. A Bruteforce attack on the device failed.", + "count": 50, + "effectedResourceType": "IoT Device", + "systemSource": "Devices", + "actionTaken": "Detected", + "logAnalyticsQuery": "SecurityAlert | where tolower(ResourceId) == tolower('/subscriptions/b77ec8a9-04ed-48d2-a87a-e5887b978ba6/resourceGroups/IoT-Solution-DemoEnv/providers/Microsoft.Devices/IotHubs/rtogm-hub') and tolower(AlertName) == tolower('Custom Alert - number of device to cloud messages in MQTT protocol is not in the allowed range') | extend DeviceId=parse_json(ExtendedProperties)['DeviceId'] | project DeviceId, TimeGenerated, DisplayName, AlertSeverity, Description, RemediationSteps, ExtendedProperties" + } + }, + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Success/2019-02-02", + "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Success/2019-02-02", + "type": "Microsoft.Security/IoTSecurityAggregatedAlert", + "properties": { + "alertType": "IoT_Bruteforce_Success", + "alertDisplayName": "Successful Bruteforce", + "aggregatedDateUtc": "2019-02-02", + "vendorName": "Microsoft", + "reportedSeverity": "Low", + "remediationSteps": "", + "description": "Multiple unsuccsseful login attempts identified followed by a succssful login. A Bruteforce attack on the device was Successfule", + "count": 600000, + "effectedResourceType": "IoT Device", + "systemSource": "Devices", + "actionTaken": "Detected", + "logAnalyticsQuery": "SecurityAlert | where tolower(ResourceId) == tolower('/subscriptions/b77ec8a9-04ed-48d2-a87a-e5887b978ba6/resourceGroups/IoT-Solution-DemoEnv/providers/Microsoft.Devices/IotHubs/rtogm-hub') and tolower(AlertName) == tolower('Custom Alert - number of device to cloud messages in MQTT protocol is not in the allowed range') | extend DeviceId=parse_json(ExtendedProperties)['DeviceId'] | project DeviceId, TimeGenerated, DisplayName, AlertSeverity, Description, RemediationSteps, ExtendedProperties" + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert_example.json new file mode 100644 index 000000000000..ceddc2e872b5 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert_example.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyGroup", + "solutionName": "default", + "aggregatedAlertName": "IoT_Bruteforce_Fail/2019-02-02" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Fail/2019-02-02", + "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Fail/2019-02-02", + "type": "Microsoft.Security/IoTSecurityAggregatedAlert", + "properties": { + "alertType": "IoT_Bruteforce_Fail", + "alertDisplayName": "Failed Bruteforce", + "aggregatedDateUtc": "2019-02-02", + "vendorName": "Microsoft", + "reportedSeverity": "Low", + "remediationSteps": "", + "description": "Multiple unsuccsseful login attempts identified. A Bruteforce attack on the device failed.", + "count": 50, + "effectedResourceType": "IoT Device", + "systemSource": "Devices", + "actionTaken": "Detected", + "logAnalyticsQuery": "SecurityAlert | where tolower(ResourceId) == tolower('/subscriptions/b77ec8a9-04ed-48d2-a87a-e5887b978ba6/resourceGroups/IoT-Solution-DemoEnv/providers/Microsoft.Devices/IotHubs/rtogm-hub') and tolower(AlertName) == tolower('Custom Alert - number of device to cloud messages in MQTT protocol is not in the allowed range') | extend DeviceId=parse_json(ExtendedProperties)['DeviceId'] | project DeviceId, TimeGenerated, DisplayName, AlertSeverity, Description, RemediationSteps, ExtendedProperties" + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList_example.json new file mode 100644 index 000000000000..099649b79f64 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList_example.json @@ -0,0 +1,95 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyGroup", + "solutionName": "default" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "type": "Microsoft.Security/IoTSecuritySolutionAnalyticsModelList", + "properties": { + "metrics": { + "high": 5, + "medium": 200, + "low": 102 + }, + "unhealthyDeviceCount": 1200, + "devicesMetrics": [ + { + "date": "2019-02-01T00:00:00Z", + "devicesMetrics": { + "high": 3, + "medium": 15, + "low": 70 + } + }, + { + "date": "2019-02-02T00:00:00Z", + "devicesMetrics": { + "high": 3, + "medium": 45, + "low": 65 + } + } + ], + "topAlertedDevices": [ + { + "deviceId": "id1", + "alertsCount": 200 + }, + { + "deviceId": "id2", + "alertsCount": 170 + }, + { + "deviceId": "id3", + "alertsCount": 150 + } + ], + "mostPrevalentDeviceAlerts": [ + { + "alertDisplayName": "Custom Alert - number of device to cloud messages in AMQP protocol is not in the allowed range", + "reportedSeverity": "Low", + "devicesCount": 200 + }, + { + "alertDisplayName": "Custom Alert - execution of a process that is not allowed", + "reportedSeverity": "Medium", + "devicesCount": 170 + }, + { + "alertDisplayName": "Successful Bruteforce", + "reportedSeverity": "Low", + "devicesCount": 150 + } + ], + "mostPrevalentDeviceRecommendations": [ + { + "recommendationDisplayName": "Install the Azure Security of Things Agent", + "reportedSeverity": "Low", + "devicesCount": 200 + }, + { + "recommendationDisplayName": "High level permissions configured in Edge model twin for Edge module", + "reportedSeverity": "Low", + "devicesCount": 170 + }, + { + "recommendationDisplayName": "Same Authentication Credentials used by multiple devices", + "reportedSeverity": "Medium", + "devicesCount": 150 + } + ] + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics_example.json new file mode 100644 index 000000000000..a7337a494529 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics_example.json @@ -0,0 +1,91 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyGroup", + "solutionName": "default" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "type": "Microsoft.Security/IoTSecuritySolutionAnalyticsModel", + "properties": { + "metrics": { + "high": 5, + "medium": 200, + "low": 102 + }, + "unhealthyDeviceCount": 1200, + "devicesMetrics": [ + { + "date": "2019-02-01T00:00:00Z", + "devicesMetrics": { + "high": 3, + "medium": 15, + "low": 70 + } + }, + { + "date": "2019-02-02T00:00:00Z", + "devicesMetrics": { + "high": 3, + "medium": 45, + "low": 65 + } + } + ], + "topAlertedDevices": [ + { + "deviceId": "id1", + "alertsCount": 200 + }, + { + "deviceId": "id2", + "alertsCount": 170 + }, + { + "deviceId": "id3", + "alertsCount": 150 + } + ], + "mostPrevalentDeviceAlerts": [ + { + "alertDisplayName": "Custom Alert - number of device to cloud messages in AMQP protocol is not in the allowed range", + "reportedSeverity": "Low", + "alertsCount": 200 + }, + { + "alertDisplayName": "Custom Alert - execution of a process that is not allowed", + "reportedSeverity": "Medium", + "alertsCount": 170 + }, + { + "alertDisplayName": "Successful Bruteforce", + "reportedSeverity": "Low", + "alertsCount": 150 + } + ], + "mostPrevalentDeviceRecommendations": [ + { + "recommendationDisplayName": "Install the Azure Security of Things Agent", + "reportedSeverity": "Low", + "devicesCount": 200 + }, + { + "recommendationDisplayName": "High level permissions configured in Edge model twin for Edge module", + "reportedSeverity": "Low", + "devicesCount": 170 + }, + { + "recommendationDisplayName": "Same Authentication Credentials used by multiple devices", + "reportedSeverity": "Medium", + "devicesCount": 150 + } + ] + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList_example.json new file mode 100644 index 000000000000..3a331b30297d --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList_example.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "075423e9-7d33-4166-8bdf-3920b04e3735", + "resourceGroupName": "IoTEdgeResources", + "solutionName": "default" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice", + "name": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice", + "type": "Microsoft.Security/IoTSecurityAggregatedRecommendation", + "properties": { + "recommendationName": "OpenPortsOnDevice", + "recommendationDisplayName": "Permissive firewall policy in one of the chains was found", + "description": "An allowed firewall policy was found in main firewall Chains (INPUT/OUTPUT). The policy should Deny all traffic by default define rules to allow necessary communication to/from the device", + "recommendationTypeId": "{20ff7fc3-e762-44dd-bd96-b71116dcdc23}", + "detectedBy": "Microsoft", + "reportedSeverity": "Low", + "remediationSteps": "", + "healthyDevices": 10000, + "unhealthyDeviceCount": 200, + "logAnalyticsQuery": "SecurityRecommendation | where tolower(AssessedResourceId) == tolower('/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Devices/IotHubs/t-ofdadu-hub') and tolower(RecommendationName) == tolower('OpenPortsOnDevice')" + } + }, + { + "id": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/TooLargeIPRange", + "name": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_InstallAgent", + "type": "Microsoft.Security/IoTSecurityAggregatedRecommendation", + "properties": { + "recommendationName": "TooLargeIPRange", + "recommendationDisplayName": "Permissive firewall policy in one of the chains was found", + "description": "An allow IP filter rule source IP range is too large. Overly permissive rules can expose your IoT hub to malicious actors.", + "recommendationTypeId": "{20ff7fc3-e762-44dd-bd96-b71116dcdc23}", + "detectedBy": "Microsoft", + "reportedSeverity": "High", + "remediationSteps": "", + "healthyDevices": 130000, + "unhealthyDeviceCount": 1, + "logAnalyticsQuery": "SecurityRecommendation | where tolower(AssessedResourceId) == tolower('/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Devices/IotHubs/t-ofdadu-hub') and tolower(RecommendationName) == tolower('TooLargeIPRange')" + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation_example.json new file mode 100644 index 000000000000..51b44a0c90c2 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation_example.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "075423e9-7d33-4166-8bdf-3920b04e3735", + "resourceGroupName": "IoTEdgeResources", + "solutionName": "default", + "aggregatedRecommendationName": "OpenPortsOnDevice" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice", + "name": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice", + "type": "Microsoft.Security/IoTSecurityAggregatedRecommendation", + "properties": { + "recommendationName": "OpenPortsOnDevice", + "recommendationDisplayName": "Permissive firewall policy in one of the chains was found", + "description": "An allowed firewall policy was found in main firewall Chains (INPUT/OUTPUT). The policy should Deny all traffic by default define rules to allow necessary communication to/from the device", + "recommendationTypeId": "{20ff7fc3-e762-44dd-bd96-b71116dcdc23}", + "detectedBy": "Microsoft", + "reportedSeverity": "Low", + "remediationSteps": "", + "healthyDevices": 10000, + "unhealthyDeviceCount": 200, + "logAnalyticsQuery": "SecurityRecommendation | where tolower(AssessedResourceId) == tolower('/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Devices/IotHubs/t-ofdadu-hub') and tolower(RecommendationName) == tolower('OpenPortsOnDevice')" + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss_example.json new file mode 100644 index 000000000000..0d2c25cde954 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss_example.json @@ -0,0 +1,12 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "IoTEdgeResources", + "solutionName": "default", + "aggregatedAlertName": "IoT_Bruteforce_Fail/2019-02-02/dismiss" + }, + "responses": { + "200": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json new file mode 100644 index 000000000000..69f53b3b6072 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json @@ -0,0 +1,916 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", + "version": "2019-08-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels": { + "get": { + "x-ms-examples": { + "Get Security Solutions Analytics": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList_example.json" + } + }, + "tags": [ + "IoT Security Solutions Analytics" + ], + "description": "Security Analytics of a security solution", + "operationId": "IoTSecuritySolutionsAnalytics_GetAll", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionAnalyticsModelList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default": { + "get": { + "x-ms-examples": { + "Get Security Solutions Analytics": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics_example.json" + } + }, + "tags": [ + "IoT Security Solutions Analytics" + ], + "description": "Security Analytics of a security solution", + "operationId": "IoTSecuritySolutionsAnalytics_GetDefault", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionAnalyticsModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedAlerts": { + "get": { + "x-ms-examples": { + "Get Security Solutions Analytics": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList_example.json" + } + }, + "tags": [ + "IoT Security Solutions Analytics" + ], + "description": "Security Analytics of a security solution", + "operationId": "IoTSecuritySolutionsAnalyticsAggregatedAlerts_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "name": "$top", + "in": "query", + "description": "The number of results to retrieve.", + "required": false, + "type": "integer" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecurityAggregatedAlertList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedAlerts/{aggregatedAlertName}": { + "get": { + "x-ms-examples": { + "Get Security Solutions Analytics": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert_example.json" + } + }, + "tags": [ + "IoT Security Solutions Analytics" + ], + "description": "Security Analytics of a security solution", + "operationId": "IoTSecuritySolutionsAnalyticsAggregatedAlert_Get", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "$ref": "#/parameters/AggregatedAlertName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecurityAggregatedAlert" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedAlerts/{aggregatedAlertName}/dismiss": { + "post": { + "x-ms-examples": { + "Get Security Solutions Analytics": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss_example.json" + } + }, + "tags": [ + "IoT Security Solutions Analytics" + ], + "description": "Security Analytics of a security solution", + "operationId": "IoTSecuritySolutionsAnalyticsAggregatedAlert_Dismiss", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "$ref": "#/parameters/AggregatedAlertName" + } + ], + "responses": { + "200": { + "description": "Dismissed" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedRecommendations/{aggregatedRecommendationName}": { + "get": { + "x-ms-examples": { + "Get Security Solutions Analytics": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation_example.json" + } + }, + "tags": [ + "IoT Security Solutions Analytics" + ], + "description": "Security Analytics of a security solution", + "operationId": "IoTSecuritySolutionsAnalyticsRecommendation_Get", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "$ref": "#/parameters/AggregatedRecommendationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecurityAggregatedRecommendation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedRecommendations": { + "get": { + "x-ms-examples": { + "Get Security Solutions Analytics": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList_example.json" + } + }, + "tags": [ + "IoT Security Solutions Analytics" + ], + "description": "Security Analytics of a security solution", + "operationId": "IoTSecuritySolutionsAnalyticsRecommendations_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "name": "$top", + "in": "query", + "description": "The number of results to retrieve.", + "required": false, + "type": "integer" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecurityAggregatedRecommendationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "IoTSeverityMetrics": { + "type": "object", + "description": "Severity metrics", + "properties": { + "high": { + "type": "integer", + "description": "count of high severity items" + }, + "medium": { + "type": "integer", + "description": "count of medium severity items" + }, + "low": { + "type": "integer", + "description": "count of low severity items" + } + } + }, + "IoTSecuritySolutionAnalyticsModel": { + "type": "object", + "description": "Security Analytics of a security solution", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Security Solution Aggregated Alert data", + "$ref": "#/definitions/IoTSecuritySolutionAnalyticsModelProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ] + }, + "IoTSecuritySolutionAnalyticsModelProperties": { + "description": "Security Analytics of a security solution properties", + "properties": { + "metrics": { + "type": "object", + "$ref": "#/definitions/IoTSeverityMetrics", + "description": "Security Analytics of a security solution", + "readOnly": true + }, + "unhealthyDeviceCount": { + "type": "integer", + "readOnly": true, + "description": "number of unhealthy devices" + }, + "devicesMetrics": { + "description": "The list of devices metrics by the aggregated date.", + "type": "array", + "readOnly": true, + "items": { + "properties": { + "date": { + "type": "string", + "format": "date-time", + "description": "the date of the metrics" + }, + "devicesMetrics": { + "type": "object", + "$ref": "#/definitions/IoTSeverityMetrics", + "description": "devices alerts count by severity." + } + } + } + }, + "topAlertedDevices": { + "description": "The list of top 3 devices with the most attacked.", + "type": "object", + "$ref": "#/definitions/IoTSecurityAlertedDevicesList" + }, + "mostPrevalentDeviceAlerts": { + "description": "The list of most prevalent 3 alerts.", + "type": "object", + "$ref": "#/definitions/IoTSecurityDeviceAlertsList" + }, + "mostPrevalentDeviceRecommendations": { + "description": "The list of most prevalent 3 recommendations.", + "type": "object", + "$ref": "#/definitions/IoTSecurityDeviceRecommendationsList" + } + } + }, + "IoTSecuritySolutionAnalyticsModelList": { + "description": "List of Security Analytics of a security solution", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "array", + "description": "List of Security Analytics of a security solution", + "items": { + "$ref": "#/definitions/IoTSecuritySolutionAnalyticsModel" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "IoTSecurityAggregatedAlertList": { + "description": "List of IoT aggregated security alerts", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "array", + "description": "List of aggregated alerts data", + "items": { + "$ref": "#/definitions/IoTSecurityAggregatedAlert" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "IoTSecurityAggregatedRecommendationList": { + "description": "List of IoT aggregated security recommendations", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "array", + "description": "List of aggregated alerts data", + "items": { + "$ref": "#/definitions/IoTSecurityAggregatedRecommendation" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "IoTSecurityAlertedDevicesList": { + "description": "List of devices with the count of raised alerts", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "array", + "description": "List of aggregated alerts data", + "items": { + "$ref": "#/definitions/IoTSecurityAlertedDevice" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "IoTSecurityDeviceAlertsList": { + "description": "List of alerts with the count of raised alerts", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "array", + "description": "List of top alerts data", + "items": { + "$ref": "#/definitions/IoTSecurityDeviceAlert" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "IoTSecurityDeviceRecommendationsList": { + "description": "List of recommendations with the count of devices", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "array", + "description": "List of aggregated recommendation data", + "items": { + "$ref": "#/definitions/IoTSecurityDeviceRecommendation" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "IoTSecurityAggregatedAlert": { + "type": "object", + "description": "Security Solution Aggregated Alert information", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Security Solution Aggregated Alert data", + "$ref": "#/definitions/IoTSecurityAggregatedAlertProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + }, + { + "$ref": "#/definitions/TagsResource" + } + ] + }, + "IoTSecurityAggregatedAlertProperties": { + "type": "object", + "description": "Security Solution Aggregated Alert data", + "properties": { + "alertType": { + "readOnly": true, + "type": "string", + "description": "Name of the alert type" + }, + "alertDisplayName": { + "readOnly": true, + "type": "string", + "description": "Display name of the alert type" + }, + "aggregatedDateUtc": { + "readOnly": true, + "type": "string", + "format": "date", + "description": "The date the incidents were detected by the vendor" + }, + "vendorName": { + "readOnly": true, + "type": "string", + "description": "Name of the vendor that discovered the incident" + }, + "reportedSeverity": { + "readOnly": true, + "type": "string", + "enum": [ + "Informational", + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "reportedSeverity", + "modelAsString": true, + "values": [ + { + "value": "Informational" + }, + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + }, + "description": "Estimated severity of this alert" + }, + "remediationSteps": { + "readOnly": true, + "type": "string", + "description": "Recommended steps for remediation" + }, + "description": { + "readOnly": true, + "type": "string", + "description": "Description of the incident and what it means" + }, + "count": { + "readOnly": true, + "type": "integer", + "description": "Occurrence number of the alert within the aggregated date" + }, + "effectedResourceType": { + "readOnly": true, + "type": "string", + "description": "Azure resource ID of the resource that got the alerts" + }, + "systemSource": { + "readOnly": true, + "type": "string", + "description": "The type of the alerted resource (Azure, Non-Azure)" + }, + "actionTaken": { + "readOnly": true, + "type": "string", + "description": "The action that was taken as a response to the alert (Active, Blocked etc.)" + }, + "logAnalyticsQuery": { + "readOnly": true, + "type": "string", + "description": "query in log analytics to get the list of affected devices/alerts" + } + } + }, + "IoTSecurityAggregatedRecommendation": { + "type": "object", + "description": "Security Solution Recommendation Information", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Security Solution data", + "$ref": "#/definitions/IoTSecurityAggregatedRecommendationProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + }, + { + "$ref": "#/definitions/TagsResource" + } + ] + }, + "IoTSecurityAggregatedRecommendationProperties": { + "type": "object", + "description": "Security Solution Recommendation Information", + "properties": { + "recommendationName": { + "type": "string", + "description": "Name of the recommendation" + }, + "recommendationDisplayName": { + "readOnly": true, + "type": "string", + "description": "Display name of the recommendation type." + }, + "description": { + "readOnly": true, + "type": "string", + "description": "Description of the incident and what it means" + }, + "recommendationTypeId": { + "description": "The recommendation-type GUID.", + "type": "string", + "readOnly": true + }, + "detectedBy": { + "readOnly": true, + "type": "string", + "description": "Name of the vendor that discovered the issue" + }, + "remediationSteps": { + "readOnly": true, + "type": "string", + "description": "Recommended steps for remediation" + }, + "reportedSeverity": { + "readOnly": true, + "type": "string", + "enum": [ + "Informational", + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "reportedSeverity", + "modelAsString": true, + "values": [ + { + "value": "Informational" + }, + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + }, + "description": "Estimated severity of this recommendation" + }, + "healthyDevices": { + "readOnly": true, + "type": "integer", + "description": "the number of the healthy devices within the solution" + }, + "unhealthyDeviceCount": { + "readOnly": true, + "type": "integer", + "description": "the number of the unhealthy devices within the solution" + }, + "logAnalyticsQuery": { + "readOnly": true, + "type": "string", + "description": "query in log analytics to get the list of affected devices/alerts" + } + } + }, + "IoTSecurityAlertedDevice": { + "type": "object", + "description": "Statistic information about the number of alerts per device during the last period", + "properties": { + "deviceId": { + "readOnly": true, + "type": "string", + "description": "Name of the alert type" + }, + "alertsCount": { + "readOnly": true, + "type": "integer", + "description": "the number of alerts raised for this device" + } + } + }, + "IoTSecurityDeviceAlert": { + "type": "object", + "description": "Statistic information about the number of alerts per alert type during the last period", + "properties": { + "alertDisplayName": { + "readOnly": true, + "type": "string", + "description": "Display name of the alert" + }, + "reportedSeverity": { + "readOnly": true, + "type": "string", + "enum": [ + "Informational", + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "reportedSeverity", + "modelAsString": true, + "values": [ + { + "value": "Informational" + }, + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + }, + "description": "Estimated severity of this alert" + }, + "alertsCount": { + "readOnly": true, + "type": "integer", + "description": "the number of alerts raised for this alert type" + } + } + }, + "IoTSecurityDeviceRecommendation": { + "type": "object", + "description": "Statistic information about the number of recommendations per recommendation type", + "properties": { + "recommendationDisplayName": { + "readOnly": true, + "type": "string", + "description": "Display name of the recommendation" + }, + "reportedSeverity": { + "readOnly": true, + "type": "string", + "enum": [ + "Informational", + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "reportedSeverity", + "modelAsString": true, + "values": [ + { + "value": "Informational" + }, + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + }, + "description": "Estimated severity of this recommendation" + }, + "devicesCount": { + "readOnly": true, + "type": "integer", + "description": "the number of device with this recommendation" + } + } + }, + "TagsResource": { + "properties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Resource tags" + } + }, + "description": "A container holding only the Tags for a resource, allowing the user to update the tags." + } + }, + "parameters": { + "SolutionName": { + "name": "solutionName", + "in": "path", + "required": true, + "description": "The solution manager name", + "type": "string", + "x-ms-parameter-location": "method" + }, + "AggregatedAlertName": { + "name": "aggregatedAlertName", + "in": "path", + "required": true, + "description": "Identifier of the aggregated alert", + "type": "string", + "x-ms-parameter-location": "method" + }, + "AggregatedRecommendationName": { + "name": "aggregatedRecommendationName", + "in": "path", + "required": true, + "description": "Identifier of the aggregated recommendation", + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json new file mode 100644 index 000000000000..1fc9e82ba092 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json @@ -0,0 +1,659 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", + "version": "2019-08-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/iotSecuritySolutions": { + "get": { + "x-ms-examples": { + "Get Security Solutions list": { + "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList_example.json" + }, + "Get Security Solutions list By IotHub": { + "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub_example.json" + } + }, + "tags": [ + "IoT Security Solutions" + ], + "description": "List of security solutions", + "operationId": "IoTSecuritySolutions_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/FilterParam" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions": { + "get": { + "x-ms-examples": { + "Get Security Solutions list": { + "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg_example.json" + }, + "Get Security Solutions list By IotHub": { + "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg_example.json" + } + }, + "tags": [ + "IoT Security Solutions" + ], + "description": "List of security solutions", + "operationId": "IoTSecuritySolutionsResourceGroup_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/FilterParam" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}": { + "get": { + "x-ms-examples": { + "Get an iot security solution": { + "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolution_example.json" + } + }, + "tags": [ + "IoT Security Solutions" + ], + "description": "Details of a specific iot security solution", + "operationId": "IotSecuritySolution_Get", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create an iot security solution": { + "$ref": "./examples/IoTSecuritySolutions/CreateIoTSecuritySolution_example.json" + } + }, + "tags": [ + "IoT Security Solutions" + ], + "description": "Create new solution manager", + "operationId": "IotSecuritySolution_Create", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "$ref": "#/parameters/IotSecuritySolutionData" + } + ], + "responses": { + "200": { + "description": "Updated", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionModel" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "patch": { + "x-ms-examples": { + "Update an iot security solution": { + "$ref": "./examples/IoTSecuritySolutions/UpdateIoTSecuritySolution_example.json" + } + }, + "tags": [ + "IoT Security Solutions" + ], + "description": "update existing Security Solution tags or user defined resources. To update other fields use the CreateOrUpdate method", + "operationId": "IotSecuritySolution_Update", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "$ref": "#/parameters/UpdateIotSecuritySolution" + } + ], + "responses": { + "200": { + "description": "Updated", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Create an iot security solution": { + "$ref": "./examples/IoTSecuritySolutions/DeleteIoTSecuritySolution_example.json" + } + }, + "tags": [ + "IoT Security Solutions" + ], + "description": "Create new solution manager", + "operationId": "IotSecuritySolution_Delete", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + } + ], + "responses": { + "200": { + "description": "Security Solution deleted" + }, + "204": { + "description": "Security Solution was not exists" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "TagsResource": { + "properties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Resource tags" + } + }, + "description": "A container holding only the Tags for a resource, allowing the user to update the tags." + }, + "IoTSecuritySolutionsList": { + "description": "List of iot solutions", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "array", + "description": "List of security solutions", + "items": { + "$ref": "#/definitions/IoTSecuritySolutionModel" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "IoTSecuritySolutionModel": { + "type": "object", + "description": "Security Solution", + "properties": { + "location": { + "type": "string", + "description": "The resource location." + }, + "properties": { + "x-ms-client-flatten": true, + "description": "Security Solution data", + "$ref": "#/definitions/IoTSecuritySolutionProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + }, + { + "$ref": "#/definitions/TagsResource" + } + ] + }, + "IoTSecuritySolutionProperties": { + "type": "object", + "description": "Security Solution setting data", + "properties": { + "workspace": { + "type": "string", + "description": "Workspace resource ID" + }, + "displayName": { + "type": "string", + "description": "Resource display name." + }, + "status": { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ], + "default": "Enabled", + "description": "Security solution status", + "x-ms-enum": { + "name": "SecuritySolutionStatus", + "modelAsString": true + } + }, + "export": { + "type": "array", + "items": { + "enum": [ + "RawEvents" + ], + "type": "string", + "x-ms-enum": { + "name": "ExportData", + "modelAsString": true, + "values": [ + { + "value": "RawEvents", + "description": "Agent raw events" + } + ] + } + }, + "description": "List of additional export to workspace data options" + }, + "disabledDataSources": { + "type": "array", + "items": { + "enum": [ + "TwinData" + ], + "type": "string", + "x-ms-enum": { + "name": "DataSource", + "modelAsString": true, + "values": [ + { + "value": "TwinData", + "description": "Devices twin data" + } + ] + } + }, + "description": "Disabled data sources. Disabling these data sources compromises the system." + }, + "iotHubs": { + "type": "array", + "description": "IoT Hub resource IDs", + "items": { + "type": "string" + } + }, + "userDefinedResources": { + "$ref": "#/definitions/UserDefinedResourcesProperties" + }, + "autoDiscoveredResources": { + "type": "array", + "description": "List of resources that were automatically discovered as relevant to the security solution.", + "items": { + "type": "string" + }, + "readOnly": true + }, + "recommendationsConfiguration": { + "$ref": "#/definitions/RecommendationConfigurationList" + } + }, + "required": [ + "iotHubs", + "workspace", + "displayName" + ] + }, + "UserDefinedResourcesProperties": { + "type": "object", + "description": "Properties of the solution's user defined resources.", + "properties": { + "query": { + "type": "string", + "x-nullable": true, + "description": "Azure Resource Graph query which represents the security solution's user defined resources. Required to start with \"where type != \"Microsoft.Devices/IotHubs\"\"" + }, + "querySubscriptions": { + "type": "array", + "x-nullable": true, + "description": "List of Azure subscription ids on which the user defined resources query should be executed.", + "items": { + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$" + } + } + }, + "required": [ + "query", + "querySubscriptions" + ] + }, + "RecommendationConfigurationProperties": { + "type": "object", + "description": "Recommendation configuration", + "properties": { + "recommendationType": { + "type": "string", + "description": "The recommendation type.", + "enum": [ + "IoT_ACRAuthentication", + "IoT_AgentSendsUnutilizedMessages", + "IoT_Baseline", + "IoT_EdgeHubMemOptimize", + "IoT_EdgeLoggingOptions", + "IoT_InconsistentModuleSettings", + "IoT_InstallAgent", + "IoT_IPFilter_DenyAll", + "IoT_IPFilter_PermissiveRule", + "IoT_OpenPorts", + "IoT_PermissiveFirewallPolicy", + "IoT_PermissiveInputFirewallRules", + "IoT_PermissiveOutputFirewallRules", + "IoT_PrivilegedDockerOptions", + "IoT_SharedCredentials", + "IoT_VulnerableTLSCipherSuite" + ], + "x-ms-enum": { + "name": "RecommendationType", + "modelAsString": true, + "values": [ + { + "value": "IoT_ACRAuthentication", + "description": "Authentication schema used for pull an edge module from an ACR repository does not use Service Principal Authentication." + }, + { + "value": "IoT_AgentSendsUnutilizedMessages", + "description": "IoT agent message size capacity is currently underutilized, causing an increase in the number of sent messages. Adjust message intervals for better utilization." + }, + { + "value": "IoT_Baseline", + "description": "Identified security related system configuration issues." + }, + { + "value": "IoT_EdgeHubMemOptimize", + "description": "You can optimize Edge Hub memory usage by turning off protocol heads for any protocols not used by Edge modules in your solution." + }, + { + "value": "IoT_EdgeLoggingOptions", + "description": "Logging is disabled for this edge module." + }, + { + "value": "IoT_InconsistentModuleSettings", + "description": "A minority within a device security group has inconsistent Edge Module settings with the rest of their group." + }, + { + "value": "IoT_InstallAgent", + "description": "Install the Azure Security of Things Agent." + }, + { + "value": "IoT_IPFilter_DenyAll", + "description": "IP Filter Configuration should have rules defined for allowed traffic and should deny all other traffic by default." + }, + { + "value": "IoT_IPFilter_PermissiveRule", + "description": "An Allow IP Filter rules source IP range is too large. Overly permissive rules might expose your IoT hub to malicious intenders." + }, + { + "value": "IoT_OpenPorts", + "description": "A listening endpoint was found on the device." + }, + { + "value": "IoT_PermissiveFirewallPolicy", + "description": "An Allowed firewall policy was found (INPUT/OUTPUT). The policy should Deny all traffic by default and define rules to allow necessary communication to/from the device." + }, + { + "value": "IoT_PermissiveInputFirewallRules", + "description": "A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports." + }, + { + "value": "IoT_PermissiveOutputFirewallRules", + "description": "A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports." + }, + { + "value": "IoT_PrivilegedDockerOptions", + "description": "Edge module is configured to run in privileged mode, with extensive Linux capabilities or with host-level network access (send/receive data to host machine)." + }, + { + "value": "IoT_SharedCredentials", + "description": "Same authentication credentials to the IoT Hub used by multiple devices. This could indicate an illegitimate device impersonating a legitimate device. It also exposes the risk of device impersonation by an attacker." + }, + { + "value": "IoT_VulnerableTLSCipherSuite", + "description": "Insecure TLS configurations detected. Immediate upgrade recommended." + } + ] + } + }, + "name": { + "type": "string", + "readOnly": true + }, + "status": { + "type": "string", + "enum": [ + "Disabled", + "Enabled" + ], + "default": "Enabled", + "description": "Recommendation status. The recommendation is not generated when the status is disabled", + "x-ms-enum": { + "name": "RecommendationConfigStatus", + "modelAsString": true + } + } + }, + "required": [ + "recommendationType", + "status" + ] + }, + "RecommendationConfigurationList": { + "type": "array", + "description": "List of recommendation configuration", + "items": { + "$ref": "#/definitions/RecommendationConfigurationProperties" + } + }, + "UpdateIotSecuritySolutionData": { + "type": "object", + "properties": { + "userDefinedResources": { + "$ref": "#/definitions/UserDefinedResourcesProperties" + }, + "recommendationsConfiguration": { + "$ref": "#/definitions/RecommendationConfigurationList" + } + }, + "allOf": [ + { + "$ref": "#/definitions/TagsResource" + } + ] + } + }, + "parameters": { + "SolutionName": { + "name": "solutionName", + "in": "path", + "required": true, + "description": "The solution manager name", + "type": "string", + "x-ms-parameter-location": "method" + }, + "IotSecuritySolutionData": { + "name": "iotSecuritySolutionData", + "in": "body", + "required": true, + "description": "The security solution data", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionModel" + }, + "x-ms-parameter-location": "method" + }, + "FilterParam": { + "name": "$filter", + "in": "query", + "required": false, + "description": "filter the Security Solution with OData syntax. supporting filter by iotHubs", + "type": "string", + "x-ms-parameter-location": "method" + }, + "UpdateIotSecuritySolution": { + "name": "updateIotSecuritySolutionData", + "in": "body", + "required": true, + "description": "The security solution data", + "x-ms-parameter-location": "method", + "schema": { + "$ref": "#/definitions/UpdateIotSecuritySolutionData" + } + } + } +} diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md index d7a2879d54a9..89bfbccf3fca 100644 --- a/specification/security/resource-manager/readme.md +++ b/specification/security/resource-manager/readme.md @@ -121,6 +121,8 @@ input-file: - Microsoft.Security/stable/2018-06-01/pricings.json - Microsoft.Security/stable/2019-01-01/alerts.json - Microsoft.Security/stable/2019-01-01/settings.json +- Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json +- Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json - Microsoft.Security/preview/2015-06-01-preview/allowedConnections.json - Microsoft.Security/preview/2015-06-01-preview/discoveredSecuritySolutions.json - Microsoft.Security/preview/2015-06-01-preview/externalSecuritySolutions.json @@ -136,8 +138,6 @@ input-file: - Microsoft.Security/preview/2017-08-01-preview/informationProtectionPolicies.json - Microsoft.Security/preview/2017-08-01-preview/securityContacts.json - Microsoft.Security/preview/2017-08-01-preview/workspaceSettings.json -- Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutions.json -- Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutionAnalytics.json - Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json - Microsoft.Security/preview/2019-01-01-preview/serverVulnerabilityAssessments.json From 3efd92b5906fb9ab02505037735d5a7db97364b4 Mon Sep 17 00:00:00 2001 From: Hag Date: Mon, 29 Jul 2019 13:22:41 +0300 Subject: [PATCH 2/5] Set IoTSecuritySolutions & IoTSecuritySolutionAnalytics API as stable --- .../CreateIoTSecuritySolution_example.json | 262 +++++ .../DeleteIoTSecuritySolution_example.json | 12 + .../GetIoTSecuritySolution_example.json | 121 +++ ...itySolutionsListByIotHubAndRg_example.json | 127 +++ ...SecuritySolutionsListByIotHub_example.json | 126 +++ ...tIoTSecuritySolutionsListByRg_example.json | 124 +++ .../GetIoTSecuritySolutionsList_example.json | 234 +++++ .../UpdateIoTSecuritySolution_example.json | 148 +++ ...nsSecurityAggregatedAlertList_example.json | 54 ++ ...utionsSecurityAggregatedAlert_example.json | 32 + ...olutionsSecurityAnalyticsList_example.json | 95 ++ ...itySolutionsSecurityAnalytics_example.json | 91 ++ ...onsSecurityRecommendationList_example.json | 50 + ...lutionsSecurityRecommendation_example.json | 30 + ...ecurityAggregatedAlertDismiss_example.json | 12 + .../iotSecuritySolutionAnalytics.json | 916 ++++++++++++++++++ .../2019-08-01/iotSecuritySolutions.json | 659 +++++++++++++ .../security/resource-manager/readme.md | 6 +- 18 files changed, 3097 insertions(+), 2 deletions(-) create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/CreateIoTSecuritySolution_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/DeleteIoTSecuritySolution_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolution_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/UpdateIoTSecuritySolution_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/CreateIoTSecuritySolution_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/CreateIoTSecuritySolution_example.json new file mode 100644 index 000000000000..70b99f07679a --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/CreateIoTSecuritySolution_example.json @@ -0,0 +1,262 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyGroup", + "solutionName": "default", + "iotSecuritySolutionData": { + "tags": {}, + "location": "East Us", + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [], + "disabledDataSources": [], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_OpenPorts", + "status": "Disabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "status": "Disabled" + } + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/Locations/eastus/IoTSecuritySolutions/default", + "name": "default", + "type": "Microsoft.Security/IoTSecuritySolutions", + "location": "East Us", + "tags": {}, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [], + "disabledDataSources": [], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/Locations/eastus/IoTSecuritySolutions/default", + "name": "default", + "type": "Microsoft.Security/IoTSecuritySolutions", + "location": "East Us", + "tags": {}, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [], + "disabledDataSources": [], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/DeleteIoTSecuritySolution_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/DeleteIoTSecuritySolution_example.json new file mode 100644 index 000000000000..0c7bc0bf2944 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/DeleteIoTSecuritySolution_example.json @@ -0,0 +1,12 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyGroup", + "solutionName": "default" + }, + "responses": { + "204": {}, + "200": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolution_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolution_example.json new file mode 100644 index 000000000000..a45c0ff3aaba --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolution_example.json @@ -0,0 +1,121 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyGroup", + "solutionName": "default" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "name": "default", + "type": "Microsoft.Security/IoTSecuritySolutions", + "location": "East Us", + "tags": {}, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [], + "disabledDataSources": [], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg_example.json new file mode 100644 index 000000000000..8c5ae9396b5f --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg_example.json @@ -0,0 +1,127 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyRg", + "$filter": "properties.iotHubs/any(i eq \"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub\")" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyRg/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "name": "default", + "type": "Microsoft.Security/IoTSecuritySolutions", + "location": "East Us", + "tags": {}, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [ + "RawEvents" + ], + "disabledDataSources": [ ], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub_example.json new file mode 100644 index 000000000000..c8e79dce066e --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub_example.json @@ -0,0 +1,126 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "$filter": "properties.iotHubs/any(i eq \"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub\")" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "name": "default", + "type": "Microsoft.Security/IoTSecuritySolutions", + "location": "East Us", + "tags": {}, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [ + "RawEvents" + ], + "disabledDataSources": [ ], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg_example.json new file mode 100644 index 000000000000..91a826fcd064 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg_example.json @@ -0,0 +1,124 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyGroup" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "name": "default", + "location": "East Us", + "type": "Microsoft.Security/IoTSecuritySolutions", + "tags": {}, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [ ], + "disabledDataSources": [ ], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList_example.json new file mode 100644 index 000000000000..a1f086805d86 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList_example.json @@ -0,0 +1,234 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "name": "default", + "location": "East Us", + "type": "Microsoft.Security/IoTSecuritySolutions", + "tags": {}, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [ ], + "disabledDataSources": [ ], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + }, + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SecondGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/sec-solution", + "name": "sec-solution", + "location": "East Us", + "type": "Microsoft.Security/IoTSecuritySolutions", + "tags": { }, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [ + "RawEvents" + ], + "disabledDataSources": [ ], + "displayName": "Second Solution", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/IotHubSecond" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/IotHubSecond" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/UpdateIoTSecuritySolution_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/UpdateIoTSecuritySolution_example.json new file mode 100644 index 000000000000..1124a2cd860f --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/UpdateIoTSecuritySolution_example.json @@ -0,0 +1,148 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "myRg", + "solutionName": "default", + "updateIotSecuritySolutionData": { + "tags": { + "foo": "bar" + }, + "properties": { + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"v2\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_OpenPorts", + "status": "Disabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "status": "Disabled" + } + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/Locations/eastus/IoTSecuritySolutions/default", + "name": "default", + "type": "Microsoft.Security/IoTSecuritySolutions", + "location": "East Us", + "tags": { + "foo": "bar" + }, + "properties": { + "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", + "status": "Enabled", + "export": [ + "RawEvents" + ], + "disabledDataSources": [ ], + "displayName": "Solution Default", + "iotHubs": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "userDefinedResources": { + "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"v2\"", + "querySubscriptions": [ + "075423e9-7d33-4166-8bdf-3920b04e3735" + ] + }, + "autoDiscoveredResources": [ + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", + "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" + ], + "recommendationsConfiguration": [ + { + "recommendationType": "IoT_ACRAuthentication", + "name": "Service Principal Not Used with ACR", + "status": "Enabled" + }, + { + "recommendationType": "IoT_AgentSendsUnutilizedMessages", + "name": "Agent sending underutilized messages", + "status": "TurnedOn" + }, + { + "recommendationType": "IoT_Baseline", + "name": "Operating system (OS) baseline validation failure", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeHubMemOptimize", + "name": "Edge Hub memory can be optimized", + "status": "Enabled" + }, + { + "recommendationType": "IoT_EdgeLoggingOptions", + "name": "No Logging Configured for Edge Module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InconsistentModuleSettings", + "name": "Module Settings Inconsistent in SecurityGroup", + "status": "Enabled" + }, + { + "recommendationType": "IoT_InstallAgent", + "name": "Install the Azure Security of Things Agent", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_DenyAll", + "name": "Default IP Filter Policy should be Deny", + "status": "Enabled" + }, + { + "recommendationType": "IoT_IPFilter_PermissiveRule", + "name": "IP Filter rule includes large IP range", + "status": "Enabled" + }, + { + "recommendationType": "IoT_OpenPorts", + "name": "Open Ports On Device", + "status": "Disabled" + }, + { + "recommendationType": "IoT_PermissiveFirewallPolicy", + "name": "Permissive firewall policy in one of the chains was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveInputFirewallRules", + "name": "Permissive firewall rule in the input chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PermissiveOutputFirewallRules", + "name": "Permissive firewall rule in the output chain was found", + "status": "Enabled" + }, + { + "recommendationType": "IoT_PrivilegedDockerOptions", + "name": "High level permissions configured in Edge model twin for Edge module", + "status": "Enabled" + }, + { + "recommendationType": "IoT_SharedCredentials", + "name": "Same Authentication Credentials used by multiple devices", + "status": "Disabled" + }, + { + "recommendationType": "IoT_VulnerableTLSCipherSuite", + "name": "TLS cipher suite upgrade", + "status": "Enabled" + } + ] + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList_example.json new file mode 100644 index 000000000000..91c29bdf1d04 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList_example.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyGroup", + "solutionName": "default" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Fail/2019-02-02", + "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Fail/2019-02-02", + "type": "Microsoft.Security/IoTSecurityAggregatedAlert", + "properties": { + "alertType": "IoT_Bruteforce_Fail", + "alertDisplayName": "Failed Bruteforce", + "aggregatedDateUtc": "2019-02-02", + "vendorName": "Microsoft", + "reportedSeverity": "Low", + "remediationSteps": "", + "description": "Multiple unsuccsseful login attempts identified. A Bruteforce attack on the device failed.", + "count": 50, + "effectedResourceType": "IoT Device", + "systemSource": "Devices", + "actionTaken": "Detected", + "logAnalyticsQuery": "SecurityAlert | where tolower(ResourceId) == tolower('/subscriptions/b77ec8a9-04ed-48d2-a87a-e5887b978ba6/resourceGroups/IoT-Solution-DemoEnv/providers/Microsoft.Devices/IotHubs/rtogm-hub') and tolower(AlertName) == tolower('Custom Alert - number of device to cloud messages in MQTT protocol is not in the allowed range') | extend DeviceId=parse_json(ExtendedProperties)['DeviceId'] | project DeviceId, TimeGenerated, DisplayName, AlertSeverity, Description, RemediationSteps, ExtendedProperties" + } + }, + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Success/2019-02-02", + "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Success/2019-02-02", + "type": "Microsoft.Security/IoTSecurityAggregatedAlert", + "properties": { + "alertType": "IoT_Bruteforce_Success", + "alertDisplayName": "Successful Bruteforce", + "aggregatedDateUtc": "2019-02-02", + "vendorName": "Microsoft", + "reportedSeverity": "Low", + "remediationSteps": "", + "description": "Multiple unsuccsseful login attempts identified followed by a succssful login. A Bruteforce attack on the device was Successfule", + "count": 600000, + "effectedResourceType": "IoT Device", + "systemSource": "Devices", + "actionTaken": "Detected", + "logAnalyticsQuery": "SecurityAlert | where tolower(ResourceId) == tolower('/subscriptions/b77ec8a9-04ed-48d2-a87a-e5887b978ba6/resourceGroups/IoT-Solution-DemoEnv/providers/Microsoft.Devices/IotHubs/rtogm-hub') and tolower(AlertName) == tolower('Custom Alert - number of device to cloud messages in MQTT protocol is not in the allowed range') | extend DeviceId=parse_json(ExtendedProperties)['DeviceId'] | project DeviceId, TimeGenerated, DisplayName, AlertSeverity, Description, RemediationSteps, ExtendedProperties" + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert_example.json new file mode 100644 index 000000000000..ceddc2e872b5 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert_example.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyGroup", + "solutionName": "default", + "aggregatedAlertName": "IoT_Bruteforce_Fail/2019-02-02" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Fail/2019-02-02", + "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_Bruteforce_Fail/2019-02-02", + "type": "Microsoft.Security/IoTSecurityAggregatedAlert", + "properties": { + "alertType": "IoT_Bruteforce_Fail", + "alertDisplayName": "Failed Bruteforce", + "aggregatedDateUtc": "2019-02-02", + "vendorName": "Microsoft", + "reportedSeverity": "Low", + "remediationSteps": "", + "description": "Multiple unsuccsseful login attempts identified. A Bruteforce attack on the device failed.", + "count": 50, + "effectedResourceType": "IoT Device", + "systemSource": "Devices", + "actionTaken": "Detected", + "logAnalyticsQuery": "SecurityAlert | where tolower(ResourceId) == tolower('/subscriptions/b77ec8a9-04ed-48d2-a87a-e5887b978ba6/resourceGroups/IoT-Solution-DemoEnv/providers/Microsoft.Devices/IotHubs/rtogm-hub') and tolower(AlertName) == tolower('Custom Alert - number of device to cloud messages in MQTT protocol is not in the allowed range') | extend DeviceId=parse_json(ExtendedProperties)['DeviceId'] | project DeviceId, TimeGenerated, DisplayName, AlertSeverity, Description, RemediationSteps, ExtendedProperties" + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList_example.json new file mode 100644 index 000000000000..099649b79f64 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList_example.json @@ -0,0 +1,95 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyGroup", + "solutionName": "default" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "type": "Microsoft.Security/IoTSecuritySolutionAnalyticsModelList", + "properties": { + "metrics": { + "high": 5, + "medium": 200, + "low": 102 + }, + "unhealthyDeviceCount": 1200, + "devicesMetrics": [ + { + "date": "2019-02-01T00:00:00Z", + "devicesMetrics": { + "high": 3, + "medium": 15, + "low": 70 + } + }, + { + "date": "2019-02-02T00:00:00Z", + "devicesMetrics": { + "high": 3, + "medium": 45, + "low": 65 + } + } + ], + "topAlertedDevices": [ + { + "deviceId": "id1", + "alertsCount": 200 + }, + { + "deviceId": "id2", + "alertsCount": 170 + }, + { + "deviceId": "id3", + "alertsCount": 150 + } + ], + "mostPrevalentDeviceAlerts": [ + { + "alertDisplayName": "Custom Alert - number of device to cloud messages in AMQP protocol is not in the allowed range", + "reportedSeverity": "Low", + "devicesCount": 200 + }, + { + "alertDisplayName": "Custom Alert - execution of a process that is not allowed", + "reportedSeverity": "Medium", + "devicesCount": 170 + }, + { + "alertDisplayName": "Successful Bruteforce", + "reportedSeverity": "Low", + "devicesCount": 150 + } + ], + "mostPrevalentDeviceRecommendations": [ + { + "recommendationDisplayName": "Install the Azure Security of Things Agent", + "reportedSeverity": "Low", + "devicesCount": 200 + }, + { + "recommendationDisplayName": "High level permissions configured in Edge model twin for Edge module", + "reportedSeverity": "Low", + "devicesCount": 170 + }, + { + "recommendationDisplayName": "Same Authentication Credentials used by multiple devices", + "reportedSeverity": "Medium", + "devicesCount": 150 + } + ] + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics_example.json new file mode 100644 index 000000000000..a7337a494529 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics_example.json @@ -0,0 +1,91 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "MyGroup", + "solutionName": "default" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "name": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default", + "type": "Microsoft.Security/IoTSecuritySolutionAnalyticsModel", + "properties": { + "metrics": { + "high": 5, + "medium": 200, + "low": 102 + }, + "unhealthyDeviceCount": 1200, + "devicesMetrics": [ + { + "date": "2019-02-01T00:00:00Z", + "devicesMetrics": { + "high": 3, + "medium": 15, + "low": 70 + } + }, + { + "date": "2019-02-02T00:00:00Z", + "devicesMetrics": { + "high": 3, + "medium": 45, + "low": 65 + } + } + ], + "topAlertedDevices": [ + { + "deviceId": "id1", + "alertsCount": 200 + }, + { + "deviceId": "id2", + "alertsCount": 170 + }, + { + "deviceId": "id3", + "alertsCount": 150 + } + ], + "mostPrevalentDeviceAlerts": [ + { + "alertDisplayName": "Custom Alert - number of device to cloud messages in AMQP protocol is not in the allowed range", + "reportedSeverity": "Low", + "alertsCount": 200 + }, + { + "alertDisplayName": "Custom Alert - execution of a process that is not allowed", + "reportedSeverity": "Medium", + "alertsCount": 170 + }, + { + "alertDisplayName": "Successful Bruteforce", + "reportedSeverity": "Low", + "alertsCount": 150 + } + ], + "mostPrevalentDeviceRecommendations": [ + { + "recommendationDisplayName": "Install the Azure Security of Things Agent", + "reportedSeverity": "Low", + "devicesCount": 200 + }, + { + "recommendationDisplayName": "High level permissions configured in Edge model twin for Edge module", + "reportedSeverity": "Low", + "devicesCount": 170 + }, + { + "recommendationDisplayName": "Same Authentication Credentials used by multiple devices", + "reportedSeverity": "Medium", + "devicesCount": 150 + } + ] + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList_example.json new file mode 100644 index 000000000000..3a331b30297d --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList_example.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "075423e9-7d33-4166-8bdf-3920b04e3735", + "resourceGroupName": "IoTEdgeResources", + "solutionName": "default" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice", + "name": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice", + "type": "Microsoft.Security/IoTSecurityAggregatedRecommendation", + "properties": { + "recommendationName": "OpenPortsOnDevice", + "recommendationDisplayName": "Permissive firewall policy in one of the chains was found", + "description": "An allowed firewall policy was found in main firewall Chains (INPUT/OUTPUT). The policy should Deny all traffic by default define rules to allow necessary communication to/from the device", + "recommendationTypeId": "{20ff7fc3-e762-44dd-bd96-b71116dcdc23}", + "detectedBy": "Microsoft", + "reportedSeverity": "Low", + "remediationSteps": "", + "healthyDevices": 10000, + "unhealthyDeviceCount": 200, + "logAnalyticsQuery": "SecurityRecommendation | where tolower(AssessedResourceId) == tolower('/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Devices/IotHubs/t-ofdadu-hub') and tolower(RecommendationName) == tolower('OpenPortsOnDevice')" + } + }, + { + "id": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/TooLargeIPRange", + "name": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_InstallAgent", + "type": "Microsoft.Security/IoTSecurityAggregatedRecommendation", + "properties": { + "recommendationName": "TooLargeIPRange", + "recommendationDisplayName": "Permissive firewall policy in one of the chains was found", + "description": "An allow IP filter rule source IP range is too large. Overly permissive rules can expose your IoT hub to malicious actors.", + "recommendationTypeId": "{20ff7fc3-e762-44dd-bd96-b71116dcdc23}", + "detectedBy": "Microsoft", + "reportedSeverity": "High", + "remediationSteps": "", + "healthyDevices": 130000, + "unhealthyDeviceCount": 1, + "logAnalyticsQuery": "SecurityRecommendation | where tolower(AssessedResourceId) == tolower('/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Devices/IotHubs/t-ofdadu-hub') and tolower(RecommendationName) == tolower('TooLargeIPRange')" + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation_example.json new file mode 100644 index 000000000000..51b44a0c90c2 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation_example.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "075423e9-7d33-4166-8bdf-3920b04e3735", + "resourceGroupName": "IoTEdgeResources", + "solutionName": "default", + "aggregatedRecommendationName": "OpenPortsOnDevice" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice", + "name": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice", + "type": "Microsoft.Security/IoTSecurityAggregatedRecommendation", + "properties": { + "recommendationName": "OpenPortsOnDevice", + "recommendationDisplayName": "Permissive firewall policy in one of the chains was found", + "description": "An allowed firewall policy was found in main firewall Chains (INPUT/OUTPUT). The policy should Deny all traffic by default define rules to allow necessary communication to/from the device", + "recommendationTypeId": "{20ff7fc3-e762-44dd-bd96-b71116dcdc23}", + "detectedBy": "Microsoft", + "reportedSeverity": "Low", + "remediationSteps": "", + "healthyDevices": 10000, + "unhealthyDeviceCount": 200, + "logAnalyticsQuery": "SecurityRecommendation | where tolower(AssessedResourceId) == tolower('/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Devices/IotHubs/t-ofdadu-hub') and tolower(RecommendationName) == tolower('OpenPortsOnDevice')" + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss_example.json new file mode 100644 index 000000000000..0d2c25cde954 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss_example.json @@ -0,0 +1,12 @@ +{ + "parameters": { + "api-version": "2019-08-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "resourceGroupName": "IoTEdgeResources", + "solutionName": "default", + "aggregatedAlertName": "IoT_Bruteforce_Fail/2019-02-02/dismiss" + }, + "responses": { + "200": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json new file mode 100644 index 000000000000..69f53b3b6072 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json @@ -0,0 +1,916 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", + "version": "2019-08-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels": { + "get": { + "x-ms-examples": { + "Get Security Solutions Analytics": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList_example.json" + } + }, + "tags": [ + "IoT Security Solutions Analytics" + ], + "description": "Security Analytics of a security solution", + "operationId": "IoTSecuritySolutionsAnalytics_GetAll", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionAnalyticsModelList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default": { + "get": { + "x-ms-examples": { + "Get Security Solutions Analytics": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics_example.json" + } + }, + "tags": [ + "IoT Security Solutions Analytics" + ], + "description": "Security Analytics of a security solution", + "operationId": "IoTSecuritySolutionsAnalytics_GetDefault", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionAnalyticsModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedAlerts": { + "get": { + "x-ms-examples": { + "Get Security Solutions Analytics": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList_example.json" + } + }, + "tags": [ + "IoT Security Solutions Analytics" + ], + "description": "Security Analytics of a security solution", + "operationId": "IoTSecuritySolutionsAnalyticsAggregatedAlerts_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "name": "$top", + "in": "query", + "description": "The number of results to retrieve.", + "required": false, + "type": "integer" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecurityAggregatedAlertList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedAlerts/{aggregatedAlertName}": { + "get": { + "x-ms-examples": { + "Get Security Solutions Analytics": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert_example.json" + } + }, + "tags": [ + "IoT Security Solutions Analytics" + ], + "description": "Security Analytics of a security solution", + "operationId": "IoTSecuritySolutionsAnalyticsAggregatedAlert_Get", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "$ref": "#/parameters/AggregatedAlertName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecurityAggregatedAlert" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedAlerts/{aggregatedAlertName}/dismiss": { + "post": { + "x-ms-examples": { + "Get Security Solutions Analytics": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss_example.json" + } + }, + "tags": [ + "IoT Security Solutions Analytics" + ], + "description": "Security Analytics of a security solution", + "operationId": "IoTSecuritySolutionsAnalyticsAggregatedAlert_Dismiss", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "$ref": "#/parameters/AggregatedAlertName" + } + ], + "responses": { + "200": { + "description": "Dismissed" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedRecommendations/{aggregatedRecommendationName}": { + "get": { + "x-ms-examples": { + "Get Security Solutions Analytics": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation_example.json" + } + }, + "tags": [ + "IoT Security Solutions Analytics" + ], + "description": "Security Analytics of a security solution", + "operationId": "IoTSecuritySolutionsAnalyticsRecommendation_Get", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "$ref": "#/parameters/AggregatedRecommendationName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecurityAggregatedRecommendation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedRecommendations": { + "get": { + "x-ms-examples": { + "Get Security Solutions Analytics": { + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList_example.json" + } + }, + "tags": [ + "IoT Security Solutions Analytics" + ], + "description": "Security Analytics of a security solution", + "operationId": "IoTSecuritySolutionsAnalyticsRecommendations_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "name": "$top", + "in": "query", + "description": "The number of results to retrieve.", + "required": false, + "type": "integer" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecurityAggregatedRecommendationList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "IoTSeverityMetrics": { + "type": "object", + "description": "Severity metrics", + "properties": { + "high": { + "type": "integer", + "description": "count of high severity items" + }, + "medium": { + "type": "integer", + "description": "count of medium severity items" + }, + "low": { + "type": "integer", + "description": "count of low severity items" + } + } + }, + "IoTSecuritySolutionAnalyticsModel": { + "type": "object", + "description": "Security Analytics of a security solution", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Security Solution Aggregated Alert data", + "$ref": "#/definitions/IoTSecuritySolutionAnalyticsModelProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ] + }, + "IoTSecuritySolutionAnalyticsModelProperties": { + "description": "Security Analytics of a security solution properties", + "properties": { + "metrics": { + "type": "object", + "$ref": "#/definitions/IoTSeverityMetrics", + "description": "Security Analytics of a security solution", + "readOnly": true + }, + "unhealthyDeviceCount": { + "type": "integer", + "readOnly": true, + "description": "number of unhealthy devices" + }, + "devicesMetrics": { + "description": "The list of devices metrics by the aggregated date.", + "type": "array", + "readOnly": true, + "items": { + "properties": { + "date": { + "type": "string", + "format": "date-time", + "description": "the date of the metrics" + }, + "devicesMetrics": { + "type": "object", + "$ref": "#/definitions/IoTSeverityMetrics", + "description": "devices alerts count by severity." + } + } + } + }, + "topAlertedDevices": { + "description": "The list of top 3 devices with the most attacked.", + "type": "object", + "$ref": "#/definitions/IoTSecurityAlertedDevicesList" + }, + "mostPrevalentDeviceAlerts": { + "description": "The list of most prevalent 3 alerts.", + "type": "object", + "$ref": "#/definitions/IoTSecurityDeviceAlertsList" + }, + "mostPrevalentDeviceRecommendations": { + "description": "The list of most prevalent 3 recommendations.", + "type": "object", + "$ref": "#/definitions/IoTSecurityDeviceRecommendationsList" + } + } + }, + "IoTSecuritySolutionAnalyticsModelList": { + "description": "List of Security Analytics of a security solution", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "array", + "description": "List of Security Analytics of a security solution", + "items": { + "$ref": "#/definitions/IoTSecuritySolutionAnalyticsModel" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "IoTSecurityAggregatedAlertList": { + "description": "List of IoT aggregated security alerts", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "array", + "description": "List of aggregated alerts data", + "items": { + "$ref": "#/definitions/IoTSecurityAggregatedAlert" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "IoTSecurityAggregatedRecommendationList": { + "description": "List of IoT aggregated security recommendations", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "array", + "description": "List of aggregated alerts data", + "items": { + "$ref": "#/definitions/IoTSecurityAggregatedRecommendation" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "IoTSecurityAlertedDevicesList": { + "description": "List of devices with the count of raised alerts", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "array", + "description": "List of aggregated alerts data", + "items": { + "$ref": "#/definitions/IoTSecurityAlertedDevice" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "IoTSecurityDeviceAlertsList": { + "description": "List of alerts with the count of raised alerts", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "array", + "description": "List of top alerts data", + "items": { + "$ref": "#/definitions/IoTSecurityDeviceAlert" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "IoTSecurityDeviceRecommendationsList": { + "description": "List of recommendations with the count of devices", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "array", + "description": "List of aggregated recommendation data", + "items": { + "$ref": "#/definitions/IoTSecurityDeviceRecommendation" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "IoTSecurityAggregatedAlert": { + "type": "object", + "description": "Security Solution Aggregated Alert information", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Security Solution Aggregated Alert data", + "$ref": "#/definitions/IoTSecurityAggregatedAlertProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + }, + { + "$ref": "#/definitions/TagsResource" + } + ] + }, + "IoTSecurityAggregatedAlertProperties": { + "type": "object", + "description": "Security Solution Aggregated Alert data", + "properties": { + "alertType": { + "readOnly": true, + "type": "string", + "description": "Name of the alert type" + }, + "alertDisplayName": { + "readOnly": true, + "type": "string", + "description": "Display name of the alert type" + }, + "aggregatedDateUtc": { + "readOnly": true, + "type": "string", + "format": "date", + "description": "The date the incidents were detected by the vendor" + }, + "vendorName": { + "readOnly": true, + "type": "string", + "description": "Name of the vendor that discovered the incident" + }, + "reportedSeverity": { + "readOnly": true, + "type": "string", + "enum": [ + "Informational", + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "reportedSeverity", + "modelAsString": true, + "values": [ + { + "value": "Informational" + }, + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + }, + "description": "Estimated severity of this alert" + }, + "remediationSteps": { + "readOnly": true, + "type": "string", + "description": "Recommended steps for remediation" + }, + "description": { + "readOnly": true, + "type": "string", + "description": "Description of the incident and what it means" + }, + "count": { + "readOnly": true, + "type": "integer", + "description": "Occurrence number of the alert within the aggregated date" + }, + "effectedResourceType": { + "readOnly": true, + "type": "string", + "description": "Azure resource ID of the resource that got the alerts" + }, + "systemSource": { + "readOnly": true, + "type": "string", + "description": "The type of the alerted resource (Azure, Non-Azure)" + }, + "actionTaken": { + "readOnly": true, + "type": "string", + "description": "The action that was taken as a response to the alert (Active, Blocked etc.)" + }, + "logAnalyticsQuery": { + "readOnly": true, + "type": "string", + "description": "query in log analytics to get the list of affected devices/alerts" + } + } + }, + "IoTSecurityAggregatedRecommendation": { + "type": "object", + "description": "Security Solution Recommendation Information", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "description": "Security Solution data", + "$ref": "#/definitions/IoTSecurityAggregatedRecommendationProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + }, + { + "$ref": "#/definitions/TagsResource" + } + ] + }, + "IoTSecurityAggregatedRecommendationProperties": { + "type": "object", + "description": "Security Solution Recommendation Information", + "properties": { + "recommendationName": { + "type": "string", + "description": "Name of the recommendation" + }, + "recommendationDisplayName": { + "readOnly": true, + "type": "string", + "description": "Display name of the recommendation type." + }, + "description": { + "readOnly": true, + "type": "string", + "description": "Description of the incident and what it means" + }, + "recommendationTypeId": { + "description": "The recommendation-type GUID.", + "type": "string", + "readOnly": true + }, + "detectedBy": { + "readOnly": true, + "type": "string", + "description": "Name of the vendor that discovered the issue" + }, + "remediationSteps": { + "readOnly": true, + "type": "string", + "description": "Recommended steps for remediation" + }, + "reportedSeverity": { + "readOnly": true, + "type": "string", + "enum": [ + "Informational", + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "reportedSeverity", + "modelAsString": true, + "values": [ + { + "value": "Informational" + }, + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + }, + "description": "Estimated severity of this recommendation" + }, + "healthyDevices": { + "readOnly": true, + "type": "integer", + "description": "the number of the healthy devices within the solution" + }, + "unhealthyDeviceCount": { + "readOnly": true, + "type": "integer", + "description": "the number of the unhealthy devices within the solution" + }, + "logAnalyticsQuery": { + "readOnly": true, + "type": "string", + "description": "query in log analytics to get the list of affected devices/alerts" + } + } + }, + "IoTSecurityAlertedDevice": { + "type": "object", + "description": "Statistic information about the number of alerts per device during the last period", + "properties": { + "deviceId": { + "readOnly": true, + "type": "string", + "description": "Name of the alert type" + }, + "alertsCount": { + "readOnly": true, + "type": "integer", + "description": "the number of alerts raised for this device" + } + } + }, + "IoTSecurityDeviceAlert": { + "type": "object", + "description": "Statistic information about the number of alerts per alert type during the last period", + "properties": { + "alertDisplayName": { + "readOnly": true, + "type": "string", + "description": "Display name of the alert" + }, + "reportedSeverity": { + "readOnly": true, + "type": "string", + "enum": [ + "Informational", + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "reportedSeverity", + "modelAsString": true, + "values": [ + { + "value": "Informational" + }, + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + }, + "description": "Estimated severity of this alert" + }, + "alertsCount": { + "readOnly": true, + "type": "integer", + "description": "the number of alerts raised for this alert type" + } + } + }, + "IoTSecurityDeviceRecommendation": { + "type": "object", + "description": "Statistic information about the number of recommendations per recommendation type", + "properties": { + "recommendationDisplayName": { + "readOnly": true, + "type": "string", + "description": "Display name of the recommendation" + }, + "reportedSeverity": { + "readOnly": true, + "type": "string", + "enum": [ + "Informational", + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "reportedSeverity", + "modelAsString": true, + "values": [ + { + "value": "Informational" + }, + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + }, + "description": "Estimated severity of this recommendation" + }, + "devicesCount": { + "readOnly": true, + "type": "integer", + "description": "the number of device with this recommendation" + } + } + }, + "TagsResource": { + "properties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Resource tags" + } + }, + "description": "A container holding only the Tags for a resource, allowing the user to update the tags." + } + }, + "parameters": { + "SolutionName": { + "name": "solutionName", + "in": "path", + "required": true, + "description": "The solution manager name", + "type": "string", + "x-ms-parameter-location": "method" + }, + "AggregatedAlertName": { + "name": "aggregatedAlertName", + "in": "path", + "required": true, + "description": "Identifier of the aggregated alert", + "type": "string", + "x-ms-parameter-location": "method" + }, + "AggregatedRecommendationName": { + "name": "aggregatedRecommendationName", + "in": "path", + "required": true, + "description": "Identifier of the aggregated recommendation", + "type": "string", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json new file mode 100644 index 000000000000..1fc9e82ba092 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json @@ -0,0 +1,659 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", + "version": "2019-08-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/iotSecuritySolutions": { + "get": { + "x-ms-examples": { + "Get Security Solutions list": { + "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList_example.json" + }, + "Get Security Solutions list By IotHub": { + "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub_example.json" + } + }, + "tags": [ + "IoT Security Solutions" + ], + "description": "List of security solutions", + "operationId": "IoTSecuritySolutions_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/FilterParam" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions": { + "get": { + "x-ms-examples": { + "Get Security Solutions list": { + "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg_example.json" + }, + "Get Security Solutions list By IotHub": { + "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg_example.json" + } + }, + "tags": [ + "IoT Security Solutions" + ], + "description": "List of security solutions", + "operationId": "IoTSecuritySolutionsResourceGroup_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/FilterParam" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}": { + "get": { + "x-ms-examples": { + "Get an iot security solution": { + "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolution_example.json" + } + }, + "tags": [ + "IoT Security Solutions" + ], + "description": "Details of a specific iot security solution", + "operationId": "IotSecuritySolution_Get", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create an iot security solution": { + "$ref": "./examples/IoTSecuritySolutions/CreateIoTSecuritySolution_example.json" + } + }, + "tags": [ + "IoT Security Solutions" + ], + "description": "Create new solution manager", + "operationId": "IotSecuritySolution_Create", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "$ref": "#/parameters/IotSecuritySolutionData" + } + ], + "responses": { + "200": { + "description": "Updated", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionModel" + } + }, + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "patch": { + "x-ms-examples": { + "Update an iot security solution": { + "$ref": "./examples/IoTSecuritySolutions/UpdateIoTSecuritySolution_example.json" + } + }, + "tags": [ + "IoT Security Solutions" + ], + "description": "update existing Security Solution tags or user defined resources. To update other fields use the CreateOrUpdate method", + "operationId": "IotSecuritySolution_Update", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + }, + { + "$ref": "#/parameters/UpdateIotSecuritySolution" + } + ], + "responses": { + "200": { + "description": "Updated", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionModel" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Create an iot security solution": { + "$ref": "./examples/IoTSecuritySolutions/DeleteIoTSecuritySolution_example.json" + } + }, + "tags": [ + "IoT Security Solutions" + ], + "description": "Create new solution manager", + "operationId": "IotSecuritySolution_Delete", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" + }, + { + "$ref": "#/parameters/SolutionName" + } + ], + "responses": { + "200": { + "description": "Security Solution deleted" + }, + "204": { + "description": "Security Solution was not exists" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "TagsResource": { + "properties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Resource tags" + } + }, + "description": "A container holding only the Tags for a resource, allowing the user to update the tags." + }, + "IoTSecuritySolutionsList": { + "description": "List of iot solutions", + "required": [ + "value" + ], + "properties": { + "value": { + "type": "array", + "description": "List of security solutions", + "items": { + "$ref": "#/definitions/IoTSecuritySolutionModel" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "IoTSecuritySolutionModel": { + "type": "object", + "description": "Security Solution", + "properties": { + "location": { + "type": "string", + "description": "The resource location." + }, + "properties": { + "x-ms-client-flatten": true, + "description": "Security Solution data", + "$ref": "#/definitions/IoTSecuritySolutionProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + }, + { + "$ref": "#/definitions/TagsResource" + } + ] + }, + "IoTSecuritySolutionProperties": { + "type": "object", + "description": "Security Solution setting data", + "properties": { + "workspace": { + "type": "string", + "description": "Workspace resource ID" + }, + "displayName": { + "type": "string", + "description": "Resource display name." + }, + "status": { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ], + "default": "Enabled", + "description": "Security solution status", + "x-ms-enum": { + "name": "SecuritySolutionStatus", + "modelAsString": true + } + }, + "export": { + "type": "array", + "items": { + "enum": [ + "RawEvents" + ], + "type": "string", + "x-ms-enum": { + "name": "ExportData", + "modelAsString": true, + "values": [ + { + "value": "RawEvents", + "description": "Agent raw events" + } + ] + } + }, + "description": "List of additional export to workspace data options" + }, + "disabledDataSources": { + "type": "array", + "items": { + "enum": [ + "TwinData" + ], + "type": "string", + "x-ms-enum": { + "name": "DataSource", + "modelAsString": true, + "values": [ + { + "value": "TwinData", + "description": "Devices twin data" + } + ] + } + }, + "description": "Disabled data sources. Disabling these data sources compromises the system." + }, + "iotHubs": { + "type": "array", + "description": "IoT Hub resource IDs", + "items": { + "type": "string" + } + }, + "userDefinedResources": { + "$ref": "#/definitions/UserDefinedResourcesProperties" + }, + "autoDiscoveredResources": { + "type": "array", + "description": "List of resources that were automatically discovered as relevant to the security solution.", + "items": { + "type": "string" + }, + "readOnly": true + }, + "recommendationsConfiguration": { + "$ref": "#/definitions/RecommendationConfigurationList" + } + }, + "required": [ + "iotHubs", + "workspace", + "displayName" + ] + }, + "UserDefinedResourcesProperties": { + "type": "object", + "description": "Properties of the solution's user defined resources.", + "properties": { + "query": { + "type": "string", + "x-nullable": true, + "description": "Azure Resource Graph query which represents the security solution's user defined resources. Required to start with \"where type != \"Microsoft.Devices/IotHubs\"\"" + }, + "querySubscriptions": { + "type": "array", + "x-nullable": true, + "description": "List of Azure subscription ids on which the user defined resources query should be executed.", + "items": { + "type": "string", + "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$" + } + } + }, + "required": [ + "query", + "querySubscriptions" + ] + }, + "RecommendationConfigurationProperties": { + "type": "object", + "description": "Recommendation configuration", + "properties": { + "recommendationType": { + "type": "string", + "description": "The recommendation type.", + "enum": [ + "IoT_ACRAuthentication", + "IoT_AgentSendsUnutilizedMessages", + "IoT_Baseline", + "IoT_EdgeHubMemOptimize", + "IoT_EdgeLoggingOptions", + "IoT_InconsistentModuleSettings", + "IoT_InstallAgent", + "IoT_IPFilter_DenyAll", + "IoT_IPFilter_PermissiveRule", + "IoT_OpenPorts", + "IoT_PermissiveFirewallPolicy", + "IoT_PermissiveInputFirewallRules", + "IoT_PermissiveOutputFirewallRules", + "IoT_PrivilegedDockerOptions", + "IoT_SharedCredentials", + "IoT_VulnerableTLSCipherSuite" + ], + "x-ms-enum": { + "name": "RecommendationType", + "modelAsString": true, + "values": [ + { + "value": "IoT_ACRAuthentication", + "description": "Authentication schema used for pull an edge module from an ACR repository does not use Service Principal Authentication." + }, + { + "value": "IoT_AgentSendsUnutilizedMessages", + "description": "IoT agent message size capacity is currently underutilized, causing an increase in the number of sent messages. Adjust message intervals for better utilization." + }, + { + "value": "IoT_Baseline", + "description": "Identified security related system configuration issues." + }, + { + "value": "IoT_EdgeHubMemOptimize", + "description": "You can optimize Edge Hub memory usage by turning off protocol heads for any protocols not used by Edge modules in your solution." + }, + { + "value": "IoT_EdgeLoggingOptions", + "description": "Logging is disabled for this edge module." + }, + { + "value": "IoT_InconsistentModuleSettings", + "description": "A minority within a device security group has inconsistent Edge Module settings with the rest of their group." + }, + { + "value": "IoT_InstallAgent", + "description": "Install the Azure Security of Things Agent." + }, + { + "value": "IoT_IPFilter_DenyAll", + "description": "IP Filter Configuration should have rules defined for allowed traffic and should deny all other traffic by default." + }, + { + "value": "IoT_IPFilter_PermissiveRule", + "description": "An Allow IP Filter rules source IP range is too large. Overly permissive rules might expose your IoT hub to malicious intenders." + }, + { + "value": "IoT_OpenPorts", + "description": "A listening endpoint was found on the device." + }, + { + "value": "IoT_PermissiveFirewallPolicy", + "description": "An Allowed firewall policy was found (INPUT/OUTPUT). The policy should Deny all traffic by default and define rules to allow necessary communication to/from the device." + }, + { + "value": "IoT_PermissiveInputFirewallRules", + "description": "A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports." + }, + { + "value": "IoT_PermissiveOutputFirewallRules", + "description": "A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports." + }, + { + "value": "IoT_PrivilegedDockerOptions", + "description": "Edge module is configured to run in privileged mode, with extensive Linux capabilities or with host-level network access (send/receive data to host machine)." + }, + { + "value": "IoT_SharedCredentials", + "description": "Same authentication credentials to the IoT Hub used by multiple devices. This could indicate an illegitimate device impersonating a legitimate device. It also exposes the risk of device impersonation by an attacker." + }, + { + "value": "IoT_VulnerableTLSCipherSuite", + "description": "Insecure TLS configurations detected. Immediate upgrade recommended." + } + ] + } + }, + "name": { + "type": "string", + "readOnly": true + }, + "status": { + "type": "string", + "enum": [ + "Disabled", + "Enabled" + ], + "default": "Enabled", + "description": "Recommendation status. The recommendation is not generated when the status is disabled", + "x-ms-enum": { + "name": "RecommendationConfigStatus", + "modelAsString": true + } + } + }, + "required": [ + "recommendationType", + "status" + ] + }, + "RecommendationConfigurationList": { + "type": "array", + "description": "List of recommendation configuration", + "items": { + "$ref": "#/definitions/RecommendationConfigurationProperties" + } + }, + "UpdateIotSecuritySolutionData": { + "type": "object", + "properties": { + "userDefinedResources": { + "$ref": "#/definitions/UserDefinedResourcesProperties" + }, + "recommendationsConfiguration": { + "$ref": "#/definitions/RecommendationConfigurationList" + } + }, + "allOf": [ + { + "$ref": "#/definitions/TagsResource" + } + ] + } + }, + "parameters": { + "SolutionName": { + "name": "solutionName", + "in": "path", + "required": true, + "description": "The solution manager name", + "type": "string", + "x-ms-parameter-location": "method" + }, + "IotSecuritySolutionData": { + "name": "iotSecuritySolutionData", + "in": "body", + "required": true, + "description": "The security solution data", + "schema": { + "$ref": "#/definitions/IoTSecuritySolutionModel" + }, + "x-ms-parameter-location": "method" + }, + "FilterParam": { + "name": "$filter", + "in": "query", + "required": false, + "description": "filter the Security Solution with OData syntax. supporting filter by iotHubs", + "type": "string", + "x-ms-parameter-location": "method" + }, + "UpdateIotSecuritySolution": { + "name": "updateIotSecuritySolutionData", + "in": "body", + "required": true, + "description": "The security solution data", + "x-ms-parameter-location": "method", + "schema": { + "$ref": "#/definitions/UpdateIotSecuritySolutionData" + } + } + } +} diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md index d7a2879d54a9..511a7d9162f4 100644 --- a/specification/security/resource-manager/readme.md +++ b/specification/security/resource-manager/readme.md @@ -94,6 +94,8 @@ input-file: - Microsoft.Security/preview/2017-08-01-preview/deviceSecurityGroups.json - Microsoft.Security/preview/2017-08-01-preview/settings.json - Microsoft.Security/preview/2017-08-01-preview/informationProtectionPolicies.json +- Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutions.json +- Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutionAnalytics.json - Microsoft.Security/preview/2015-06-01-preview/operations.json - Microsoft.Security/preview/2015-06-01-preview/locations.json - Microsoft.Security/preview/2015-06-01-preview/tasks.json @@ -121,6 +123,8 @@ input-file: - Microsoft.Security/stable/2018-06-01/pricings.json - Microsoft.Security/stable/2019-01-01/alerts.json - Microsoft.Security/stable/2019-01-01/settings.json +- Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json +- Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json - Microsoft.Security/preview/2015-06-01-preview/allowedConnections.json - Microsoft.Security/preview/2015-06-01-preview/discoveredSecuritySolutions.json - Microsoft.Security/preview/2015-06-01-preview/externalSecuritySolutions.json @@ -136,8 +140,6 @@ input-file: - Microsoft.Security/preview/2017-08-01-preview/informationProtectionPolicies.json - Microsoft.Security/preview/2017-08-01-preview/securityContacts.json - Microsoft.Security/preview/2017-08-01-preview/workspaceSettings.json -- Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutions.json -- Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutionAnalytics.json - Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json - Microsoft.Security/preview/2019-01-01-preview/serverVulnerabilityAssessments.json From 49507298516baa9c319ebfc656a715b89959633e Mon Sep 17 00:00:00 2001 From: Hag Date: Tue, 30 Jul 2019 15:17:47 +0300 Subject: [PATCH 3/5] remove example from file names --- ...ample.json => CreateIoTSecuritySolution.json} | 0 ...ample.json => DeleteIoTSecuritySolution.json} | 0 ..._example.json => GetIoTSecuritySolution.json} | 0 ...ple.json => GetIoTSecuritySolutionsList.json} | 0 ... => GetIoTSecuritySolutionsListByIotHub.json} | 0 ...etIoTSecuritySolutionsListByIotHubAndRg.json} | 0 ...json => GetIoTSecuritySolutionsListByRg.json} | 0 ...ample.json => UpdateIoTSecuritySolution.json} | 0 ...ecuritySolutionsSecurityAggregatedAlert.json} | 0 ...itySolutionsSecurityAggregatedAlertList.json} | 0 ...etIoTSecuritySolutionsSecurityAnalytics.json} | 0 ...TSecuritySolutionsSecurityAnalyticsList.json} | 0 ...SecuritySolutionsSecurityRecommendation.json} | 0 ...ritySolutionsSecurityRecommendationList.json} | 0 ...SolutionsSecurityAggregatedAlertDismiss.json} | 0 .../2019-08-01/iotSecuritySolutionAnalytics.json | 14 +++++++------- .../stable/2019-08-01/iotSecuritySolutions.json | 16 ++++++++-------- 17 files changed, 15 insertions(+), 15 deletions(-) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/{CreateIoTSecuritySolution_example.json => CreateIoTSecuritySolution.json} (100%) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/{DeleteIoTSecuritySolution_example.json => DeleteIoTSecuritySolution.json} (100%) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/{GetIoTSecuritySolution_example.json => GetIoTSecuritySolution.json} (100%) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/{GetIoTSecuritySolutionsList_example.json => GetIoTSecuritySolutionsList.json} (100%) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/{GetIoTSecuritySolutionsListByIotHub_example.json => GetIoTSecuritySolutionsListByIotHub.json} (100%) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/{GetIoTSecuritySolutionsListByIotHubAndRg_example.json => GetIoTSecuritySolutionsListByIotHubAndRg.json} (100%) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/{GetIoTSecuritySolutionsListByRg_example.json => GetIoTSecuritySolutionsListByRg.json} (100%) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/{UpdateIoTSecuritySolution_example.json => UpdateIoTSecuritySolution.json} (100%) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/{GetIoTSecuritySolutionsSecurityAggregatedAlert_example.json => GetIoTSecuritySolutionsSecurityAggregatedAlert.json} (100%) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/{GetIoTSecuritySolutionsSecurityAggregatedAlertList_example.json => GetIoTSecuritySolutionsSecurityAggregatedAlertList.json} (100%) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/{GetIoTSecuritySolutionsSecurityAnalytics_example.json => GetIoTSecuritySolutionsSecurityAnalytics.json} (100%) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/{GetIoTSecuritySolutionsSecurityAnalyticsList_example.json => GetIoTSecuritySolutionsSecurityAnalyticsList.json} (100%) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/{GetIoTSecuritySolutionsSecurityRecommendation_example.json => GetIoTSecuritySolutionsSecurityRecommendation.json} (100%) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/{GetIoTSecuritySolutionsSecurityRecommendationList_example.json => GetIoTSecuritySolutionsSecurityRecommendationList.json} (100%) rename specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/{PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss_example.json => PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss.json} (100%) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/CreateIoTSecuritySolution_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/CreateIoTSecuritySolution.json similarity index 100% rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/CreateIoTSecuritySolution_example.json rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/CreateIoTSecuritySolution.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/DeleteIoTSecuritySolution_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/DeleteIoTSecuritySolution.json similarity index 100% rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/DeleteIoTSecuritySolution_example.json rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/DeleteIoTSecuritySolution.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolution_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolution.json similarity index 100% rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolution_example.json rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolution.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList.json similarity index 100% rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList_example.json rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub.json similarity index 100% rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub_example.json rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg.json similarity index 100% rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg_example.json rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg.json similarity index 100% rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg_example.json rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/UpdateIoTSecuritySolution_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/UpdateIoTSecuritySolution.json similarity index 100% rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/UpdateIoTSecuritySolution_example.json rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/UpdateIoTSecuritySolution.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert.json similarity index 100% rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert_example.json rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList.json similarity index 100% rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList_example.json rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json similarity index 100% rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics_example.json rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList.json similarity index 100% rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList_example.json rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation.json similarity index 100% rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation_example.json rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList.json similarity index 100% rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList_example.json rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss.json similarity index 100% rename from specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss_example.json rename to specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json index 69f53b3b6072..578f0914bb14 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json @@ -38,7 +38,7 @@ "get": { "x-ms-examples": { "Get Security Solutions Analytics": { - "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList_example.json" + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalyticsList.json" } }, "tags": [ @@ -80,7 +80,7 @@ "get": { "x-ms-examples": { "Get Security Solutions Analytics": { - "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics_example.json" + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAnalytics.json" } }, "tags": [ @@ -122,7 +122,7 @@ "get": { "x-ms-examples": { "Get Security Solutions Analytics": { - "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList_example.json" + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlertList.json" } }, "tags": [ @@ -174,7 +174,7 @@ "get": { "x-ms-examples": { "Get Security Solutions Analytics": { - "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert_example.json" + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityAggregatedAlert.json" } }, "tags": [ @@ -219,7 +219,7 @@ "post": { "x-ms-examples": { "Get Security Solutions Analytics": { - "$ref": "./examples/IoTSecuritySolutionsAnalytics/PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss_example.json" + "$ref": "./examples/IoTSecuritySolutionsAnalytics/PostIoTSecuritySolutionsSecurityAggregatedAlertDismiss.json" } }, "tags": [ @@ -261,7 +261,7 @@ "get": { "x-ms-examples": { "Get Security Solutions Analytics": { - "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation_example.json" + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation.json" } }, "tags": [ @@ -306,7 +306,7 @@ "get": { "x-ms-examples": { "Get Security Solutions Analytics": { - "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList_example.json" + "$ref": "./examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList.json" } }, "tags": [ diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json index 1fc9e82ba092..b5818259b3d7 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json @@ -38,10 +38,10 @@ "get": { "x-ms-examples": { "Get Security Solutions list": { - "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList_example.json" + "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList.json" }, "Get Security Solutions list By IotHub": { - "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub_example.json" + "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub.json" } }, "tags": [ @@ -83,10 +83,10 @@ "get": { "x-ms-examples": { "Get Security Solutions list": { - "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg_example.json" + "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg.json" }, "Get Security Solutions list By IotHub": { - "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg_example.json" + "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg.json" } }, "tags": [ @@ -131,7 +131,7 @@ "get": { "x-ms-examples": { "Get an iot security solution": { - "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolution_example.json" + "$ref": "./examples/IoTSecuritySolutions/GetIoTSecuritySolution.json" } }, "tags": [ @@ -171,7 +171,7 @@ "put": { "x-ms-examples": { "Create an iot security solution": { - "$ref": "./examples/IoTSecuritySolutions/CreateIoTSecuritySolution_example.json" + "$ref": "./examples/IoTSecuritySolutions/CreateIoTSecuritySolution.json" } }, "tags": [ @@ -220,7 +220,7 @@ "patch": { "x-ms-examples": { "Update an iot security solution": { - "$ref": "./examples/IoTSecuritySolutions/UpdateIoTSecuritySolution_example.json" + "$ref": "./examples/IoTSecuritySolutions/UpdateIoTSecuritySolution.json" } }, "tags": [ @@ -263,7 +263,7 @@ "delete": { "x-ms-examples": { "Create an iot security solution": { - "$ref": "./examples/IoTSecuritySolutions/DeleteIoTSecuritySolution_example.json" + "$ref": "./examples/IoTSecuritySolutions/DeleteIoTSecuritySolution.json" } }, "tags": [ From e763a96421ef60d69bbae038d008c08002f16359 Mon Sep 17 00:00:00 2001 From: Hag Date: Tue, 30 Jul 2019 21:29:33 +0300 Subject: [PATCH 4/5] remove paging support from IoTSecurityDeviceRecommendationsList --- .../stable/2019-08-01/iotSecuritySolutionAnalytics.json | 5 ----- 1 file changed, 5 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json index 578f0914bb14..f8fdcf719e2b 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json @@ -552,11 +552,6 @@ "items": { "$ref": "#/definitions/IoTSecurityDeviceRecommendation" } - }, - "nextLink": { - "readOnly": true, - "type": "string", - "description": "The URI to fetch the next page." } } }, From dea80a5e1da4b383480342bba4eca97ba55c053b Mon Sep 17 00:00:00 2001 From: Hag Date: Wed, 31 Jul 2019 10:47:14 +0300 Subject: [PATCH 5/5] remove paging from IoTSecurityAlertedDevicesList --- .../stable/2019-08-01/iotSecuritySolutionAnalytics.json | 5 ----- 1 file changed, 5 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json index f8fdcf719e2b..a75f7f1ee3a4 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json @@ -512,11 +512,6 @@ "items": { "$ref": "#/definitions/IoTSecurityAlertedDevice" } - }, - "nextLink": { - "readOnly": true, - "type": "string", - "description": "The URI to fetch the next page." } } },