Assessment metadata API (Azure Security Center) (Azure#7622)
* create assessmentMetadata.json

* prettier fix

* review fixes

* add userImpact, implementationEffort, threat fields to assessmentMetadata

* cleanup readme.md

* Fix property name

* prettier fixes

* Property casing fix
eliagrady authored and AnuTalluri committed Dec 11, 2019
1 parent b659c55 commit af839f8
Showing 8 changed files with 841 additions and 41 deletions.

Large diffs are not rendered by default.

@@ -0,0 +1,53 @@
{
"parameters": {
"api-version": "2019-01-01-preview",
"subscriptionId": "0980887d-03d6-408c-9566-532f3456804e",
"assessmentMetadataName": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
"assessmentMetadata": {
"properties": {
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"remediationDescription": "To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
"category": [
"Compute"
],
"severity": "Medium",
"userImpact": "Low",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"assessmentType": "CustomerManaged"
}
}
},
"responses": {
"200": {
"body": {
"id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7",
"name": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "My organization security assessment",
"description": "Assessment that my organization created to view our security assessment in Azure Security Center",
"remediationDescription": "Fix it with these remediation instructions",
"category": [
"Compute"
],
"severity": "Medium",
"userImpact": "Low",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"assessmentType": "CustomerManaged"
}
}
}
}
}
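Review bot: The 200 response body does not match the request in this create example. The request's `assessmentMetadata.properties` sends the displayName "Install endpoint protection solution on virtual machine scale sets", a `policyDefinitionId` and an HTML remediation text, while the response `properties` returns "My organization security assessment", a different description and remediation text, and no `policyDefinitionId`. Make the request body the customer-managed payload that the response echoes, and drop `policyDefinitionId` from the request if it is not accepted for `CustomerManaged`, so a reader can tell which fields are persisted. The response `id` is also the tenant-level path with no subscription segment even though `subscriptionId` is a request parameter; confirm that is the intended id format for a subscription-scoped resource.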
@@ -0,0 +1,10 @@
{
"parameters": {
"api-version": "2019-01-01-preview",
"subscriptionId": "0980887d-03d6-408c-9566-532f3456804e",
"assessmentMetadataName": "ca039e75-a276-4175-aebc-bcd41e4b14b7"
},
"responses": {
"200": {}
}
}
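Review bot: The `responses` block documents only `200` with an empty object, so the example says nothing about deleting an `assessmentMetadataName` that does not exist or that is not `CustomerManaged`. If the operation in assessmentMetadata.json declares further status codes, add them here. The name used, ca039e75-a276-4175-aebc-bcd41e4b14b7, is consistent with the customer-managed item in the create example.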
@@ -0,0 +1,33 @@
{
"parameters": {
"api-version": "2019-01-01-preview",
"assessmentMetadataName": "21300918-b2e3-0346-785f-c77ff57d243b"
},
"responses": {
"200": {
"body": {
"id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
"name": "21300918-b2e3-0346-785f-c77ff57d243b",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"remediationDescription": "To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
"category": [
"Compute"
],
"severity": "Medium",
"userImpact": "Low",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"assessmentType": "BuiltIn"
}
}
}
}
}
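Review bot: `remediationDescription` in the response `properties` embeds raw HTML (an `<a href=...>` element) inside a JSON string, and nothing in the example says which markup is allowed. Document the permitted tags in the property description so clients know to sanitise or escape the value before rendering it, since the create example shows the same field being supplied by the caller. Minor: the `description` reads "your virtual machines scale sets"; "virtual machine scale sets" would match the displayName.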
@@ -0,0 +1,34 @@
{
"parameters": {
"api-version": "2019-01-01-preview",
"subscriptionId": "0980887d-03d6-408c-9566-532f3456804e",
"assessmentMetadataName": "21300918-b2e3-0346-785f-c77ff57d243b"
},
"responses": {
"200": {
"body": {
"id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
"name": "21300918-b2e3-0346-785f-c77ff57d243b",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"remediationDescription": "To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
"category": [
"Compute"
],
"severity": "Medium",
"userImpact": "Low",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"assessmentType": "BuiltIn"
}
}
}
}
}
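Review bot: This subscription-scoped get returns the `BuiltIn` item 21300918-b2e3-0346-785f-c77ff57d243b with a body identical to the tenant-level get, including an `id` with no subscription segment, so the example does not show what the `subscriptionId` parameter changes. Using the `CustomerManaged` name ca039e75-a276-4175-aebc-bcd41e4b14b7 from the create example as `assessmentMetadataName` would make the two get examples distinguishable.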
@@ -0,0 +1,78 @@
{
"parameters": {
"api-version": "2019-01-01-preview"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
"name": "21300918-b2e3-0346-785f-c77ff57d243b",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"remediationDescription": "To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
"category": [
"Compute"
],
"severity": "Medium",
"userImpact": "Low",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"assessmentType": "BuiltIn"
}
},
{
"id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
"name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "Close management ports on your virtual machines",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
"description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.",
"remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.<br>To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
"category": [
"Networking"
],
"severity": "Medium",
"userImpact": "High",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"preview": true,
"assessmentType": "CustomPolicy"
}
},
{
"id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7",
"name": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "My organization security assessment",
"description": "Assessment that my organization created to view our security assessment in Azure Security Center",
"remediationDescription": "Fix it with these remediation instructions",
"category": [
"Compute"
],
"severity": "Medium",
"userImpact": "Low",
"implementationEffort": "Low",
"threats": [],
"assessmentType": "CustomerManaged"
}
}
]
}
}
}
}
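Review bot: The third item in `value`, ca039e75-a276-4175-aebc-bcd41e4b14b7 with `assessmentType` `CustomerManaged`, is listed here although this request has no `subscriptionId` parameter, while the create example places it under subscription 0980887d-03d6-408c-9566-532f3456804e and the subscription-scoped list example omits it. Move the item to the subscription-scoped list, or state in the operation description that the tenant-level list returns customer-managed metadata. The same item has `"threats": []` here but three threats in the create example's response; pick one.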
@@ -0,0 +1,61 @@
{
"parameters": {
"api-version": "2019-01-01-preview",
"subscriptionId": "0980887d-03d6-408c-9566-532f3456804e"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
"name": "21300918-b2e3-0346-785f-c77ff57d243b",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"remediationDescription": "To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
"category": [
"Compute"
],
"severity": "Medium",
"userImpact": "Low",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"assessmentType": "BuiltIn"
}
},
{
"id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
"name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
"type": "Microsoft.Security/assessmentMetadata",
"properties": {
"displayName": "Close management ports on your virtual machines",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
"description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.",
"remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.<br>To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
"category": [
"Networking"
],
"severity": "Medium",
"userImpact": "High",
"implementationEffort": "Low",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"preview": true,
"assessmentType": "CustomPolicy"
}
}
]
}
}
}
}
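Review bot: The `remediationDescription` of the bc303248-3d14-44c2-96a0-55f5c326b5fe item is inconsistent with itself: it opens by recommending that inbound rules be restricted to specific source ranges, but step 3 says to change the 'Action' property to 'Deny', which closes the port rather than restricting its sources. Align the steps with the recommendation or reword the recommendation. The item's `threats` are the same three values as the endpoint-protection item, although its `description` is about brute-forcing credentials over management ports; check that they were chosen for this assessment rather than copied.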
83 changes: 42 additions & 41 deletions specification/security/resource-manager/readme.md
Expand Up @@ -157,6 +157,7 @@ input-file:
- Microsoft.Security/preview/2019-01-01-preview/serverVulnerabilityAssessments.json
- Microsoft.Security/preview/2019-01-01-preview/subAssessments.json
- Microsoft.Security/preview/2019-01-01-preview/automations.json
- Microsoft.Security/preview/2019-01-01-preview/assessmentMetadata.json
# Needed when there is more than one input file
override-info:
Expand Down Expand Up @@ -325,46 +326,46 @@ AutoRest V3 generators require the use of `--tag=all-api-versions` to select api

This block is updated by an automatic script. Edits may be lost!

``` yaml $(tag) == 'all-api-versions' /* autogenerated */
# include the azure profile definitions from the standard location
require: $(this-folder)/../../../profiles/readme.md
# all the input files across all versions
input-file:
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/automations.json
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/subAssessments.json
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/pricings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/securityContacts.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/workspaceSettings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/autoProvisioningSettings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/compliances.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/advancedThreatProtectionSettings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/deviceSecurityGroups.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/settings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/informationProtectionPolicies.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/operations.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/locations.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/tasks.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/alerts.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/discoveredSecuritySolutions.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/jitNetworkAccessPolicies.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/applicationWhitelistings.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/externalSecuritySolutions.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/topologies.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/allowedConnections.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/adaptiveNetworkHardenings.json
- $(this-folder)/Microsoft.Security/stable/2018-06-01/pricings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutions.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutionAnalytics.json
- $(this-folder)/Microsoft.Security/stable/2019-01-01/alerts.json
- $(this-folder)/Microsoft.Security/stable/2017-08-01/complianceResults.json
- $(this-folder)/Microsoft.Security/stable/2019-01-01/settings.json
- $(this-folder)/Microsoft.Security/stable/2019-08-01/deviceSecurityGroups.json
- $(this-folder)/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json
- $(this-folder)/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/serverVulnerabilityAssessments.json
``` yaml $(tag) == 'all-api-versions' /* autogenerated */
# include the azure profile definitions from the standard location
require: $(this-folder)/../../../profiles/readme.md
# all the input files across all versions
input-file:
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/automations.json
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/subAssessments.json
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/pricings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/securityContacts.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/workspaceSettings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/autoProvisioningSettings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/compliances.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/advancedThreatProtectionSettings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/deviceSecurityGroups.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/settings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/informationProtectionPolicies.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/operations.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/locations.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/tasks.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/alerts.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/discoveredSecuritySolutions.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/jitNetworkAccessPolicies.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/applicationWhitelistings.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/externalSecuritySolutions.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/topologies.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/allowedConnections.json
- $(this-folder)/Microsoft.Security/preview/2015-06-01-preview/adaptiveNetworkHardenings.json
- $(this-folder)/Microsoft.Security/stable/2018-06-01/pricings.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutions.json
- $(this-folder)/Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutionAnalytics.json
- $(this-folder)/Microsoft.Security/stable/2019-01-01/alerts.json
- $(this-folder)/Microsoft.Security/stable/2017-08-01/complianceResults.json
- $(this-folder)/Microsoft.Security/stable/2019-01-01/settings.json
- $(this-folder)/Microsoft.Security/stable/2019-08-01/deviceSecurityGroups.json
- $(this-folder)/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json
- $(this-folder)/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/serverVulnerabilityAssessments.json
```

If there are files that should not be in the `all-api-versions` set,
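Review bot: The removed and added copies of the `all-api-versions` block are textually identical as shown, so this is whitespace or line-ending churn in a block the readme says is updated by an automatic script, and the resulting `input-file` list still lacks `Microsoft.Security/preview/2019-01-01-preview/assessmentMetadata.json`, which the earlier hunk adds to the package list. Revert the no-op change and let the script regenerate the block, or confirm that the regenerated block will pick up the new file.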
Expand All @@ -373,4 +374,4 @@ uncomment the `exclude-file` section below and add the file paths.
``` yaml $(tag) == 'all-api-versions'
#exclude-file:
# - $(this-folder)/Microsoft.Example/stable/2010-01-01/somefile.json
```
```
