Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add alerts and recommendations resources #14599

Merged
merged 19 commits into from
Jun 13, 2021
Merged

Add alerts and recommendations resources #14599

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
1744269
add new resources
May 30, 2021
3c66b9f
Add resources to markdown
May 30, 2021
a9c2dcf
Modify routes
May 30, 2021
4952a97
Add systemData
May 30, 2021
0ba5be2
Add systemData to defenderSettings
May 30, 2021
2ee8ce0
Add missing parameter
May 30, 2021
6307a61
Add more systemData
May 30, 2021
3b5d8f7
Fix example
May 30, 2021
5ba9009
Add new API version
May 30, 2021
1c4b533
Remove redundant change
May 30, 2021
08e8bd4
update markdown
May 30, 2021
7d7b8c1
Add operations to new API version
May 30, 2021
943ef53
Update list filters
May 31, 2021
c99f5a6
update description
May 31, 2021
44be757
update examples
May 31, 2021
6fbbe62
Update examples
Jun 1, 2021
0a48817
Add missing properties
Jun 1, 2021
14b3231
Add missing properties
Jun 1, 2021
87128e0
Rename property
Jun 1, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
313 changes: 313 additions & 0 deletions ...ecurity/resource-manager/Microsoft.IoTSecurity/preview/2021-07-01-preview/alertTypes.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,313 @@
{
"swagger": "2.0",
"info": {
"title": "Azure Defender for IoT",
"description": "API spec for Microsoft.IoTSecurity (Azure Defender for IoT) resource provider",
"version": "2021-07-01-preview"
},
"host": "management.azure.com",
"schemes": [
"https"
],
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"security": [
{
"azure_auth": [
"user_impersonation"
]
}
],
"securityDefinitions": {
"azure_auth": {
"type": "oauth2",
"authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
"flow": "implicit",
"description": "Azure Active Directory OAuth2 Flow",
"scopes": {
"user_impersonation": "impersonate your user account"
}
}
},
"paths": {
"/subscriptions/{subscriptionId}/providers/Microsoft.IoTSecurity/alertTypes": {
"get": {
"x-ms-examples": {
"Get IoT Alert Types": {
"$ref": "./examples/AlertTypes/GetAlertTypeList.json"
}
},
"tags": [
"IoT Security Alert Types"
],
"description": "List IoT alert types",
"operationId": "AlertTypes_List",
"parameters": [
{
"$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
},
{
"$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/AlertTypeList"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse"
}
}
}
}
},
"/subscriptions/{subscriptionId}/providers/Microsoft.IoTSecurity/alertTypes/{alertTypeName}": {
"get": {
"x-ms-examples": {
"Get IoT Alert Type": {
"$ref": "./examples/AlertTypes/GetAlertType.json"
}
},
"tags": [
"IoT Security Alert Types"
],
"operationId": "AlertTypes_Get",
"description": "Get IoT alert type",
"parameters": [
{
"$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
},
{
"$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter"
},
{
"in": "path",
"name": "alertTypeName",
"required": true,
"type": "string",
"description": "Name of the alert type"
}
],
"responses": {
"200": {
"description": "IoT alert type",
"schema": {
"$ref": "#/definitions/AlertType"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse"
}
}
}
}
}
},
"definitions": {
"AlertTypeList": {
"type": "object",
"description": "List of alert types",
"properties": {
"value": {
"type": "array",
"description": "List data",
"items": {
"$ref": "#/definitions/AlertType"
}
}
}
},
"AlertType": {
"type": "object",
"description": "IoT alert type.",
"properties": {
"properties": {
"x-ms-client-flatten": true,
"description": "Alert type properties",
"$ref": "#/definitions/AlertTypeProperties"
},
"systemData": {
"readOnly": true,
"type": "object",
"description": "Azure Resource Manager metadata containing createdBy and modifiedBy information.",
"$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/systemData"
}
},
"allOf": [
{
"$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ProxyResource"
}
]
},
"AlertTypeProperties": {
"type": "object",
"description": "IoT alert type information.",
"properties": {
"alertDisplayName": {
"readOnly": true,
"type": "string",
"example": "Privileged container detected",
"description": "The display name of the alert"
},
"severity": {
"readOnly": true,
"type": "string",
"example": "Medium",
"description": "The severity of the alert",
"enum": [
"Informational",
"Low",
"Medium",
"High"
],
"x-ms-enum": {
"name": "alertSeverity",
"modelAsString": true,
"values": [
{
"value": "Informational"
},
{
"value": "Low"
},
{
"value": "Medium"
},
{
"value": "High"
}
]
}
},
"description": {
"readOnly": true,
"type": "string",
"description": "Description of the suspected vulnerability and meaning.",
"example": "Machine logs indicate that a privileged Docker container is running. A privileged container has full access to host resources. If compromised, a malicious actor can use the privileged container to gain access to the host machine."
},
"providerName": {
"readOnly": true,
"type": "string",
"example": "IoTSecurity",
"description": "The name of the alert provider or internal partner"
},
"productName": {
"readOnly": true,
"type": "string",
"example": "Azure Security Center for IoT",
"description": "The name of the product which published this alert"
},
"productComponentName": {
"readOnly": true,
"type": "string",
"example": "IoT Hub",
"description": "The name of a component inside the product which generated the alert"
},
"vendorName": {
"readOnly": true,
"type": "string",
"example": "Microsoft",
"description": "The name of the vendor that raise the alert"
},
"intent": {
"readOnly": true,
"type": "string",
"example": "Exploitation,Execution",
"description": "Kill chain related intent behind the alert. Could contain multiple enum values (separated by commas)",
"enum": [
"Unknown",
"PreAttack",
"InitialAccess",
"Persistence",
"PrivilegeEscalation",
"DefenseEvasion",
"CredentialAccess",
"Discovery",
"LateralMovement",
"Execution",
"Collection",
"Exfiltration",
"CommandAndControl",
"Impact",
"Probing",
"Exploitation"
],
"x-ms-enum": {
"name": "alertIntent",
"modelAsString": true,
"values": [
{
"value": "Unknown"
},
{
"value": "PreAttack"
},
{
"value": "InitialAccess"
},
{
"value": "Persistence"
},
{
"value": "PrivilegeEscalation"
},
{
"value": "DefenseEvasion"
},
{
"value": "CredentialAccess"
},
{
"value": "Discovery"
},
{
"value": "LateralMovement"
},
{
"value": "Execution"
},
{
"value": "Collection"
},
{
"value": "Exfiltration"
},
{
"value": "CommandAndControl"
},
{
"value": "Impact"
},
{
"value": "Probing"
},
{
"value": "Exploitation"
}
]
}
},
"remediationSteps": {
"readOnly": true,
"description": "Manual action items to take to remediate the alert",
"type": "array",
"items": {
"type": "string",
"example": "If the container doesn't need to run in privileged mode, remove the privileges from the container."
}
}
}
}
}
}
Loading