Client library for Security Center

Installation and Usage

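npm install --save @datafire/azure_security_automations

let azure_security_automations = require('@datafire/azure_security_automations').create({
  access_token: "",
  refresh_token: "",
  client_id: "",
  client_secret: "",
  redirect_uri: ""
});

// ACTION_NAME, input and context are placeholders; the call that precedes .then() is not shown on this page
azure_security_automations.ACTION_NAME(input, context).then(data => {
  console.log(data);
});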


API spec for Microsoft.Security (Azure Security Center) resource provider



Lists all the security automations in the specified subscription. Use the 'nextLink' property in the response to get the next page of security automations for the specified subscription.

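azure_security_automations.ACTION_NAME({ // ACTION_NAME is a placeholder; the action name is not shown on this page
  "api-version": "",
  "subscriptionId": ""
}, context)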


  • input object
    • api-version required string: API version for the operation
    • subscriptionId required string: Azure subscription ID



Lists all the security automations in the specified resource group. Use the 'nextLink' property in the response to get the next page of security automations for the specified resource group.

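azure_security_automations.ACTION_NAME({ // ACTION_NAME is a placeholder; the action name is not shown on this page
  "api-version": "",
  "subscriptionId": "",
  "resourceGroupName": ""
}, context)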


  • input object
    • api-version required string: API version for the operation
    • subscriptionId required string: Azure subscription ID
    • resourceGroupName required string: The name of the resource group within the user's subscription. The name is case insensitive.



Deletes a security automation.

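azure_security_automations.ACTION_NAME({ // ACTION_NAME is a placeholder; the action name is not shown on this page
  "api-version": "",
  "subscriptionId": "",
  "resourceGroupName": "",
  "automationName": ""
}, context)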


  • input object
    • api-version required string: API version for the operation
    • subscriptionId required string: Azure subscription ID
    • resourceGroupName required string: The name of the resource group within the user's subscription. The name is case insensitive.
    • automationName required string: The security automation name.


Output schema unknown


Retrieves information about the model of a security automation.

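azure_security_automations.ACTION_NAME({ // ACTION_NAME is a placeholder; the action name is not shown on this page
  "api-version": "",
  "subscriptionId": "",
  "resourceGroupName": "",
  "automationName": ""
}, context)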


  • input object
    • api-version required string: API version for the operation
    • subscriptionId required string: Azure subscription ID
    • resourceGroupName required string: The name of the resource group within the user's subscription. The name is case insensitive.
    • automationName required string: The security automation name.



Creates or updates a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.

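azure_security_automations.ACTION_NAME({ // ACTION_NAME is a placeholder; the action name is not shown on this page
  "api-version": "",
  "subscriptionId": "",
  "resourceGroupName": "",
  "automationName": "",
  "Automation": {}
}, context)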


  • input object
    • api-version required string: API version for the operation
    • subscriptionId required string: Azure subscription ID
    • resourceGroupName required string: The name of the resource group within the user's subscription. The name is case insensitive.
    • automationName required string: The security automation name.
    • Automation required Automation



Validates the security automation model before create or update. Any validation errors are returned to the client.

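azure_security_automations.ACTION_NAME({ // ACTION_NAME is a placeholder; the action name is not shown on this page
  "api-version": "",
  "subscriptionId": "",
  "resourceGroupName": "",
  "automationName": "",
  "Automation": {}
}, context)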


  • input object
    • api-version required string: API version for the operation
    • subscriptionId required string: Azure subscription ID
    • resourceGroupName required string: The name of the resource group within the user's subscription. The name is case insensitive.
    • automationName required string: The security automation name.
    • Automation required Automation




  • Automation object: The security automation resource.
    • properties AutomationProperties
    • id string: Resource Id
    • name string: Resource name
    • type string: Resource type
    • location string: Location where the resource is stored
    • kind string: Kind of the resource
    • etag string: Entity tag is used for comparing two or more entities from the same requested resource.
    • tags object: A list of key value pairs that describe the resource.


  • AutomationAction object: The action that should be triggered.
    • actionType required string (values: LogicApp, EventHub, Workspace): The type of the action that will be triggered by the Automation


  • AutomationActionEventHub object: The target Event Hub to which event data will be exported. To learn more about Security Center continuous export capabilities, visit
    • connectionString string: The target Event Hub connection string (it will not be included in any response).
    • eventHubResourceId string: The target Event Hub Azure Resource ID.
    • sasPolicyName string: The target Event Hub SAS policy name.
    • actionType required string (values: LogicApp, EventHub, Workspace): The type of the action that will be triggered by the Automation


  • AutomationActionLogicApp object: The logic app action that should be triggered. To learn more about Security Center's Workflow Automation capabilities, visit
    • logicAppResourceId string: The triggered Logic App Azure Resource ID. This can also reside on other subscriptions, given that you have permissions to trigger the Logic App
    • uri string: The Logic App trigger URI endpoint (it will not be included in any response).
    • actionType required string (values: LogicApp, EventHub, Workspace): The type of the action that will be triggered by the Automation


  • AutomationActionWorkspace object: The Log Analytics Workspace to which event data will be exported. Security alerts data will reside in the 'SecurityAlert' table and the assessments data will reside in the 'SecurityRecommendation' table (under the 'Security'/'SecurityCenterFree' solutions). Note that in order to view the data in the workspace, the Security Center Log Analytics free/standard solution needs to be enabled on that workspace. To learn more about Security Center continuous export capabilities, visit
    • workspaceResourceId string: The fully qualified Log Analytics Workspace Azure Resource ID.
    • actionType required string (values: LogicApp, EventHub, Workspace): The type of the action that will be triggered by the Automation


  • AutomationList object: List of security automations response.
    • nextLink string: The URI to fetch the next page.
    • value required array: The list of security automations under the given scope.


  • AutomationProperties object: A set of properties that defines the behavior of the automation configuration. To learn more about the supported security events data models schemas - please visit
    • actions array: A collection of the actions which are triggered if all the configured rules evaluations, within at least one rule set, are true.
    • description string: The security automation description.
    • isEnabled boolean: Indicates whether the security automation is enabled.
    • scopes array: A collection of scopes on which the security automations logic is applied. Supported scopes are the subscription itself or a resource group under that subscription. The automation will only apply on defined scopes.
    • sources array: A collection of the source event types which evaluate the security automation set of rules.


  • AutomationRuleSet object: A rule set which evaluates all its rules upon an event interception. The event triggers the defined actions only when all the rules included in the rule set evaluate to 'true'.


  • AutomationScope object: A single automation scope.
    • description string: The resources scope description.
    • scopePath string: The resources scope path. Can be the subscription on which the automation is defined or a resource group under that subscription (fully qualified Azure resource IDs).
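
Because an action's target may sit in another subscription and the `connectionString` and `uri` values are never returned, a review of existing automations has to work from the resource IDs. The following added example (not part of the DataFire library) flags actions and scopes that leave the automation's own subscription; it assumes each automation `id` is an Azure resource ID starting with `/subscriptions/<id>/`, and the sample data is constructed.

```javascript
// Assumption: an automation's `id` begins with /subscriptions/<subscriptionId>/.
// Subscription ID of a resource ID, lower-cased; null when the ID has none.
function subscriptionOf(resourceId) {
  const m = /^\/subscriptions\/([^/]+)/i.exec(resourceId || '');
  return m ? m[1].toLowerCase() : null;
}

// The resource-ID property that names the destination for each actionType.
const TARGET_FIELD = { LogicApp: 'logicAppResourceId', EventHub: 'eventHubResourceId', Workspace: 'workspaceResourceId' };

// A scope must be the subscription itself or a resource group directly under it.
const SCOPE_SHAPE = /^\/subscriptions\/[^/]+(\/resourcegroups\/[^/]+)?\/?$/i;

// Returns one finding per action or scope that deserves a reviewer's attention.
function auditAutomations(automations) {
  const findings = [];
  for (const a of automations) {
    const home = subscriptionOf(a.id);
    const props = a.properties || {};
    const add = (issue, detail) =>
      findings.push({ automation: a.name, enabled: props.isEnabled === true, issue, detail });
    for (const action of props.actions || []) {
      const field = TARGET_FIELD[action.actionType];
      const target = field && action[field];
      if (!field) add('unknown-action-type', String(action.actionType));
      // connectionString and uri are never returned, so the ID is all there is to check.
      else if (!target) add('target-id-missing', action.actionType);
      else if (subscriptionOf(target) !== home) add('cross-subscription-target', target);
    }
    for (const scope of props.scopes || []) {
      const path = scope.scopePath || '';
      if (!SCOPE_SHAPE.test(path) || subscriptionOf(path) !== home) add('scope-outside-subscription', path);
    }
  }
  return findings;
}

// Constructed sample shaped like AutomationList.value (placeholder subscription IDs).
const SUB_A = '/subscriptions/00000000-0000-0000-0000-00000000000a';
const SUB_B = '/subscriptions/00000000-0000-0000-0000-00000000000b';
const sampleAutomations = [{
  id: `${SUB_A}/resourceGroups/sec/providers/Microsoft.Security/automations/export-alerts`,
  name: 'export-alerts',
  properties: { isEnabled: true, scopes: [{ scopePath: SUB_A }], actions: [
    { actionType: 'Workspace', workspaceResourceId: `${SUB_A}/resourceGroups/sec/providers/Microsoft.OperationalInsights/workspaces/soc` },
    { actionType: 'EventHub', eventHubResourceId: `${SUB_B}/resourceGroups/x/providers/Microsoft.EventHub/namespaces/ns/eventhubs/hub` },
    { actionType: 'LogicApp' }] },
}];
```

For the sample, `auditAutomations(sampleAutomations)` reports the Event Hub in the second subscription and the Logic App action whose destination cannot be determined from the returned data.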


  • AutomationSource object: The source event types which evaluate the security automation set of rules. For example - security alerts and security assessments. To learn more about the supported security events data models schemas - please visit
    • eventSource string (values: Assessments, Alerts): A valid event source type.
    • ruleSets array: A set of rules which evaluate upon event interception. A logical disjunction is applied between defined rule sets (logical 'or').


  • AutomationTriggeringRule object: A rule which is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. This comparison is done by using one of the supported operators set.
    • expectedValue string: The expected value.
    • operator string (values: Equals, GreaterThan, GreaterThanOrEqualTo, LesserThan, LesserThanOrEqualTo, NotEquals, Contains, StartsWith, EndsWith): A valid comparer operator to use. A case-insensitive comparison will be applied for String PropertyType.
    • propertyJPath string: The JPath of the entity model property that should be checked.
    • propertyType string (values: String, Integer, Number, Boolean): The data type of the compared operands (string, integer, floating point number or a boolean [true/false])
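
The rule semantics described above (all rules inside a rule set must hold, any one rule set is enough, string comparisons ignore case) can be checked locally before an automation is created. This is an added example, not code from DataFire or Azure; the `rules` array on a rule set, the dotted-path reading of `propertyJPath`, and the sample event fields are assumptions.

```javascript
// Resolve a dotted path such as "properties.severity" (assumed reading of propertyJPath).
function resolvePath(obj, path) {
  return path.split('.').reduce((cur, key) => (cur == null ? undefined : cur[key]), obj);
}

// Convert an operand to the rule's propertyType; String operands are lower-cased
// so that the comparison is case-insensitive.
function coerce(value, type) {
  switch (type) {
    case 'Integer': return Number.parseInt(value, 10);
    case 'Number': return Number(value);
    case 'Boolean': return String(value).toLowerCase() === 'true';
    default: return String(value).toLowerCase();
  }
}

const OPERATORS = {
  Equals: (a, b) => a === b,
  NotEquals: (a, b) => a !== b,
  GreaterThan: (a, b) => a > b,
  GreaterThanOrEqualTo: (a, b) => a >= b,
  LesserThan: (a, b) => a < b,
  LesserThanOrEqualTo: (a, b) => a <= b,
  Contains: (a, b) => String(a).includes(String(b)),
  StartsWith: (a, b) => String(a).startsWith(String(b)),
  EndsWith: (a, b) => String(a).endsWith(String(b)),
};

function ruleMatches(rule, event) {
  const actual = resolvePath(event, rule.propertyJPath);
  const compare = OPERATORS[rule.operator];
  if (actual == null || !compare) return false; // absent property or unknown operator
  return compare(coerce(actual, rule.propertyType), coerce(rule.expectedValue, rule.propertyType));
}

// Logical 'and' inside a rule set, logical 'or' between rule sets.
// Assumptions: rules live in `set.rules`; an empty rule set never matches.
function sourceMatches(source, eventSource, event) {
  if (source.eventSource !== eventSource) return false;
  return (source.ruleSets || []).some(
    (set) => set.rules.length > 0 && set.rules.every((rule) => ruleMatches(rule, event)));
}

// Constructed sample: high-severity alerts, or any alert whose name starts with "ssh".
const sampleSource = { eventSource: 'Alerts', ruleSets: [
  { rules: [{ propertyJPath: 'properties.severity', propertyType: 'String', operator: 'Equals', expectedValue: 'high' }] },
  { rules: [{ propertyJPath: 'properties.name', propertyType: 'String', operator: 'StartsWith', expectedValue: 'SSH' }] },
] };
```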


  • AutomationValidationStatus object: The security automation model state property bag.
    • isValid boolean: Indicates whether the model is valid or not.
    • message string: The validation message.