Michal dev security microsoft.security 2017 08 01 preview (#6563)
* changed enum name ruleType to RecommendationType in IoTSecuritySolution RP

* changed examples of IOT security solution RP

* nullable userDefinedResources query/subs

* fixing the Security Solution RP

* Changed the enums of the Recommendations type and status of the IOT Solution Manager RP

* changed property of the recommendation configuration from "description" to "name" in the IOT Solution Manager RP

* Fixed examples of IOT Security Manager RP

* Fixed error in schema related to IoT security Solution RP

* fixed enums in IoT Security solution RP

* fixed spelling mistakes in IoT solution Manager RP files

* Update specification/security/resource-manager/Microsoft.Security/preview/2017-08-01-preview/iotSecuritySolutions.json

Co-Authored-By: Nick Schonning <nschonni@gmail.com>

* Update specification/security/resource-manager/Microsoft.Security/preview/2017-08-01-preview/examples/IoTSecuritySolutions/CreateIoTSecuritySolution_example.json

Co-Authored-By: Nick Schonning <nschonni@gmail.com>

* Fixed spelling mistakes in IoT solution manager RP

* Fixed spelling mistakes in IoT solution Manager RP

* removed unprintable characters and tabs from the IoT Security Solution json
MichalHel authored and shahabhijeet committed Jul 26, 2019
1 parent dc6296b commit bb46e5b
Showing 8 changed files with 686 additions and 236 deletions.
Expand Up @@ -21,7 +21,17 @@
"querySubscriptions": [
"075423e9-7d33-4166-8bdf-3920b04e3735"
]
}
},
"recommendationsConfiguration": [
{
"recommendationType": "IoT_OpenPorts",
"status": "Disabled"
},
{
"recommendationType": "IoT_SharedCredentials",
"status": "Disabled"
}
]
}
}
},
Expand Down Expand Up @@ -51,6 +61,88 @@
"autoDiscoveredResources": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735",
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"recommendationsConfiguration": [
{
"recommendationType": "IoT_ACRAuthentication",
"name": "Service Principal Not Used with ACR",
"status": "Enabled"
},
{
"recommendationType": "IoT_AgentSendsUnutilizedMessages",
"name": "Agent sending underutilized messages",
"status": "TurnedOn"
},
{
"recommendationType": "IoT_Baseline",
"name": "Operating system (OS) baseline validation failure",
"status": "Enabled"
},
{
"recommendationType": "IoT_EdgeHubMemOptimize",
"name": "Edge Hub memory can be optimized",
"status": "Enabled"
},
{
"recommendationType": "IoT_EdgeLoggingOptions",
"name": "No Logging Configured for Edge Module",
"status": "Enabled"
},
{
"recommendationType": "IoT_InconsistentModuleSettings",
"name": "Module Settings Inconsistent in SecurityGroup",
"status": "Enabled"
},
{
"recommendationType": "IoT_InstallAgent",
"name": "Install the Azure Security of Things Agent",
"status": "Enabled"
},
{
"recommendationType": "IoT_IPFilter_DenyAll",
"name": "Default IP Filter Policy should be Deny",
"status": "Enabled"
},
{
"recommendationType": "IoT_IPFilter_PermissiveRule",
"name": "IP Filter rule includes large IP range",
"status": "Enabled"
},
{
"recommendationType": "IoT_OpenPorts",
"name": "Open Ports On Device",
"status": "Disabled"
},
{
"recommendationType": "IoT_PermissiveFirewallPolicy",
"name": "Permissive firewall policy in one of the chains was found",
"status": "Enabled"
},
{
"recommendationType": "IoT_PermissiveInputFirewallRules",
"name": "Permissive firewall rule in the input chain was found",
"status": "Enabled"
},
{
"recommendationType": "IoT_PermissiveOutputFirewallRules",
"name": "Permissive firewall rule in the output chain was found",
"status": "Enabled"
},
{
"recommendationType": "IoT_PrivilegedDockerOptions",
"name": "High level permissions configured in Edge model twin for Edge module",
"status": "Enabled"
},
{
"recommendationType": "IoT_SharedCredentials",
"name": "Same Authentication Credentials used by multiple devices",
"status": "Disabled"
},
{
"recommendationType": "IoT_VulnerableTLSCipherSuite",
"name": "TLS cipher suite upgrade",
"status": "Enabled"
}
]
}
}
Expand Down Expand Up @@ -81,14 +173,86 @@
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735",
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"recommendationsConfiguration": [
"recommendationsConfiguration": [
{
"recommendationType": "IoT_ACRAuthentication",
"name": "Service Principal Not Used with ACR",
"status": "Enabled"
},
{
"recommendationType": "IoT_AgentSendsUnutilizedMessages",
"name": "Agent sending underutilized messages",
"status": "TurnedOn"
},
{
"recommendationType": "IoT_Baseline",
"name": "Operating system (OS) baseline validation failure",
"status": "Enabled"
},
{
"recommendationType": "IoT_EdgeHubMemOptimize",
"name": "Edge Hub memory can be optimized",
"status": "Enabled"
},
{
"recommendationType": "IoT_EdgeLoggingOptions",
"name": "No Logging Configured for Edge Module",
"status": "Enabled"
},
{
"recommendationType": "IoT_InconsistentModuleSettings",
"name": "Module Settings Inconsistent in SecurityGroup",
"status": "Enabled"
},
{
"recommendationType": "IoT_InstallAgent",
"name": "Install the Azure Security of Things Agent",
"status": "Enabled"
},
{
"recommendationType": "IoT_IPFilter_DenyAll",
"name": "Default IP Filter Policy should be Deny",
"status": "Enabled"
},
{
"recommendationType": "IoT_IPFilter_PermissiveRule",
"name": "IP Filter rule includes large IP range",
"status": "Enabled"
},
{
"recommendationType": "IoT_OpenPorts",
"name": "Open Ports On Device",
"status": "Disabled"
},
{
"recommendationType": "IoT_PermissiveFirewallPolicy",
"name": "Permissive firewall policy in one of the chains was found",
"status": "Enabled"
},
{
"recommendationType": "IoT_PermissiveInputFirewallRules",
"name": "Permissive firewall rule in the input chain was found",
"status": "Enabled"
},
{
"recommendationType": "IoT_PermissiveOutputFirewallRules",
"name": "Permissive firewall rule in the output chain was found",
"status": "Enabled"
},
{
"recommendationType": "IoT_PrivilegedDockerOptions",
"name": "High level permissions configured in Edge model twin for Edge module",
"status": "Enabled"
},
{
"recommendationType": "OpenPortsOnDevice",
"status": "TurnedOff"
"recommendationType": "IoT_SharedCredentials",
"name": "Same Authentication Credentials used by multiple devices",
"status": "Disabled"
},
{
"recommendationType": "IdenticalAuthenticationCredentials",
"status": "TurnedOff"
"recommendationType": "IoT_VulnerableTLSCipherSuite",
"name": "TLS cipher suite upgrade",
"status": "Enabled"
}
]
}
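Review bot: The `IoT_AgentSendsUnutilizedMessages` entry keeps `"status": "TurnedOn"` while every other entry in this file uses `Enabled` or `Disabled`; it appears in the second and third hunks here and again in the next file's example. If the status enum was renamed as the commit description says, this value is presumably a leftover from the old enum and the example would fail validation against the schema (the schema is not visible here, so this needs confirming); it should read `"status": "Enabled"`. The same entry's display name says "underutilized" while its type says "Unutilized", which is worth aligning so that consumers matching on the text are not confused.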
Expand Up @@ -34,64 +34,84 @@
],
"recommendationsConfiguration": [
{
"recommendationType": "OpenPortsOnDevice",
"description": "Open Ports on device",
"status": "TurnedOff"
"recommendationType": "IoT_ACRAuthentication",
"name": "Service Principal Not Used with ACR",
"status": "Enabled"
},
{
"recommendationType": "PermissiveFirewallPolicy",
"description": "Permissive firewall policy found in one of the chains",
"recommendationType": "IoT_AgentSendsUnutilizedMessages",
"name": "Agent sending underutilized messages",
"status": "TurnedOn"
},
{
"recommendationType": "PermissiveFirewallRuleInput",
"description": "Permissive firewall rule in the input chain was found",
"status": "TurnedOn"
"recommendationType": "IoT_Baseline",
"name": "Operating system (OS) baseline validation failure",
"status": "Enabled"
},
{
"recommendationType": "PermissiveFirewallRuleOut",
"description": "Permissive firewall rule in the output chain was found",
"status": "TurnedOn"
"recommendationType": "IoT_EdgeHubMemOptimize",
"name": "Edge Hub memory can be optimized",
"status": "Enabled"
},
{
"recommendationType": "OperationSystemNotValid",
"description": "Operation system baseline validation has failed",
"status": "TurnedOn"
"recommendationType": "IoT_EdgeLoggingOptions",
"name": "No Logging Configured for Edge Module",
"status": "Enabled"
},
{
"recommendationType": "UnutilizedMessagesFromAgent",
"description": "Agent sends unutilized messages",
"status": "TurnedOn"
"recommendationType": "IoT_InconsistentModuleSettings",
"name": "Module Settings Inconsistent in SecurityGroup",
"status": "Enabled"
},
{
"recommendationType": "SecurityTwinConfigurationNotOptimal",
"description": "Security twin configuration not optimal",
"status": "TurnedOn"
"recommendationType": "IoT_InstallAgent",
"name": "Install the Azure Security of Things Agent",
"status": "Enabled"
},
{
"recommendationType": "SecurityTwinConfigurationConflict",
"description": "Security twin configuration conflict",
"status": "TurnedOn"
"recommendationType": "IoT_IPFilter_DenyAll",
"name": "Default IP Filter Policy should be Deny",
"status": "Enabled"
},
{
"recommendationType": "IdenticalAuthenticationCredentials",
"description": "Identical authentication credentials used by multiple devices",
"status": "TurnedOff"
"recommendationType": "IoT_IPFilter_PermissiveRule",
"name": "IP Filter rule includes large IP range",
"status": "Enabled"
},
{
"recommendationType": "DenyDefaultIpPolicy",
"description": "Default IP filter policy should be deny",
"status": "TurnedOn"
"recommendationType": "IoT_OpenPorts",
"name": "Open Ports On Device",
"status": "Disabled"
},
{
"recommendationType": "TooLargeIPRange",
"description": "IP filter rule includes large IP range",
"status": "TurnedOn"
"recommendationType": "IoT_PermissiveFirewallPolicy",
"name": "Permissive firewall policy in one of the chains was found",
"status": "Enabled"
},
{
"recommendationType": "EnableDiagnosticsLog",
"description": "Enable diagnostics logs in IoT Hub",
"status": "TurnedOn"
"recommendationType": "IoT_PermissiveInputFirewallRules",
"name": "Permissive firewall rule in the input chain was found",
"status": "Enabled"
},
{
"recommendationType": "IoT_PermissiveOutputFirewallRules",
"name": "Permissive firewall rule in the output chain was found",
"status": "Enabled"
},
{
"recommendationType": "IoT_PrivilegedDockerOptions",
"name": "High level permissions configured in Edge model twin for Edge module",
"status": "Enabled"
},
{
"recommendationType": "IoT_SharedCredentials",
"name": "Same Authentication Credentials used by multiple devices",
"status": "Disabled"
},
{
"recommendationType": "IoT_VulnerableTLSCipherSuite",
"name": "TLS cipher suite upgrade",
"status": "Enabled"
}
]
}
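Review bot: The rename of `description` to `name`, and of every `recommendationType` value, is made in place. The commit description lists paths under the existing `2017-08-01-preview` version, so clients written against the old names would presumably stop matching without any api-version change; this should be confirmed as intended and called out in the release notes. The old list's `EnableDiagnosticsLog`, `SecurityTwinConfigurationNotOptimal` and `SecurityTwinConfigurationConflict` have no obviously corresponding entry in the new list. If the diagnostics-log recommendation was dropped rather than renamed, the description should say so, because operators who had it configured would lose that check silently.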