From 3b8a6f402dee9424dbc2e4e05ac6a969df7bd233 Mon Sep 17 00:00:00 2001 From: SDK Automation Date: Wed, 27 May 2020 21:08:22 +0000 Subject: [PATCH 1/2] Update from master --- sdk/security/azure-mgmt-security/README.md | 30 +- .../azure/mgmt/security/_security_center.py | 160 +- .../azure/mgmt/security/models/__init__.py | 333 +- .../azure/mgmt/security/models/_models.py | 3931 ++++++++++++++-- .../azure/mgmt/security/models/_models_py3.py | 3989 +++++++++++++++-- .../mgmt/security/models/_paged_models.py | 258 +- .../security/models/_security_center_enums.py | 202 +- .../mgmt/security/operations/__init__.py | 68 +- ...daptive_application_controls_operations.py | 61 +- ..._adaptive_network_hardenings_operations.py | 304 ++ .../_advanced_threat_protection_operations.py | 4 +- .../security/operations/_alerts_operations.py | 166 +- .../_alerts_suppression_rules_operations.py | 287 ++ .../_allowed_connections_operations.py | 4 +- .../_assessments_metadata_operations.py | 407 ++ .../operations/_assessments_operations.py | 303 ++ .../operations/_automations_operations.py | 437 ++ .../_device_security_groups_operations.py | 298 ++ ...iscovered_security_solutions_operations.py | 4 +- ..._external_security_solutions_operations.py | 4 +- ...ormation_protection_policies_operations.py | 15 +- ..._analytics_aggregated_alerts_operations.py | 117 - ...ons_analytics_recommendation_operations.py | 108 - ...ity_solutions_resource_group_operations.py | 115 - ...security_solution_analytics_operations.py} | 24 +- .../_iot_security_solution_operations.py | 174 +- ..._analytics_aggregated_alert_operations.py} | 95 +- ...ns_analytics_recommendation_operations.py} | 81 +- ..._jit_network_access_policies_operations.py | 11 +- .../operations/_pricings_operations.py | 17 +- ...re_score_control_definitions_operations.py | 170 + .../_secure_score_controls_operations.py | 186 + ...ations.py => _secure_scores_operations.py} | 86 +- .../operations/_settings_operations.py | 10 +- .../operations/_sub_assessments_operations.py | 253 ++ .../operations/_topology_operations.py | 4 +- sdk/security/azure-mgmt-security/setup.py | 5 +- 37 files changed, 11163 insertions(+), 1558 deletions(-) create mode 100644 sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_adaptive_network_hardenings_operations.py create mode 100644 sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_alerts_suppression_rules_operations.py create mode 100644 sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_assessments_metadata_operations.py create mode 100644 sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_assessments_operations.py create mode 100644 sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_automations_operations.py create mode 100644 sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_device_security_groups_operations.py delete mode 100644 sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_aggregated_alerts_operations.py delete mode 100644 sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_recommendation_operations.py delete mode 100644 sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_resource_group_operations.py rename sdk/security/azure-mgmt-security/azure/mgmt/security/operations/{_io_tsecurity_solutions_analytics_operations.py => _iot_security_solution_analytics_operations.py} (89%) rename sdk/security/azure-mgmt-security/azure/mgmt/security/operations/{_io_tsecurity_solutions_analytics_aggregated_alert_operations.py => _iot_security_solutions_analytics_aggregated_alert_operations.py} (63%) rename sdk/security/azure-mgmt-security/azure/mgmt/security/operations/{_io_tsecurity_solutions_analytics_recommendations_operations.py => _iot_security_solutions_analytics_recommendation_operations.py} (54%) create mode 100644 sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_score_control_definitions_operations.py create mode 100644 sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_score_controls_operations.py rename sdk/security/azure-mgmt-security/azure/mgmt/security/operations/{_io_tsecurity_solutions_operations.py => _secure_scores_operations.py} (51%) create mode 100644 sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_sub_assessments_operations.py diff --git a/sdk/security/azure-mgmt-security/README.md b/sdk/security/azure-mgmt-security/README.md index c1b36eada037..1b25cd26adb6 100644 --- a/sdk/security/azure-mgmt-security/README.md +++ b/sdk/security/azure-mgmt-security/README.md @@ -1,29 +1,21 @@ -## Microsoft Azure SDK for Python +# Microsoft Azure SDK for Python This is the Microsoft Azure Security Center Management Client Library. +This package has been tested with Python 2.7, 3.5, 3.6, 3.7 and 3.8. +For a more complete view of Azure libraries, see the [Github repo](https://github.com/Azure/azure-sdk-for-python/) -Azure Resource Manager (ARM) is the next generation of management APIs -that replace the old Azure Service Management (ASM). -This package has been tested with Python 2.7, 3.5, 3.6 and 3.7. +# Usage -For the older Azure Service Management (ASM) libraries, see -[azure-servicemanagement-legacy](https://pypi.python.org/pypi/azure-servicemanagement-legacy) -library. +For code examples, see [Security Center Management](https://docs.microsoft.com/python/api/overview/azure/) +on docs.microsoft.com. -For a more complete set of Azure libraries, see the -[azure](https://pypi.python.org/pypi/azure) bundle package. -## Usage +# Provide Feedback -For code examples, see [Security Center -Management](https://docs.microsoft.com/python/api/overview/azure/) on -docs.microsoft.com. - -## Provide Feedback - -If you encounter any bugs or have suggestions, please file an issue in -the [Issues](https://github.com/Azure/azure-sdk-for-python/issues) +If you encounter any bugs or have suggestions, please file an issue in the +[Issues](https://github.com/Azure/azure-sdk-for-python/issues) section of the project. -![image](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-python%2Fazure-mgmt-security%2FREADME.png) + +![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-python%2Fazure-mgmt-security%2FREADME.png) diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/_security_center.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/_security_center.py index 342c5d61f0e1..53ebef4f5225 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/_security_center.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/_security_center.py @@ -17,24 +17,15 @@ from .operations import PricingsOperations from .operations import AlertsOperations from .operations import SettingsOperations -from .operations import IoTSecuritySolutionsOperations -from .operations import IoTSecuritySolutionsResourceGroupOperations +from .operations import AdvancedThreatProtectionOperations +from .operations import DeviceSecurityGroupsOperations from .operations import IotSecuritySolutionOperations -from .operations import IoTSecuritySolutionsAnalyticsOperations -from .operations import IoTSecuritySolutionsAnalyticsAggregatedAlertsOperations -from .operations import IoTSecuritySolutionsAnalyticsAggregatedAlertOperations -from .operations import IoTSecuritySolutionsAnalyticsRecommendationOperations -from .operations import IoTSecuritySolutionsAnalyticsRecommendationsOperations -from .operations import AllowedConnectionsOperations -from .operations import DiscoveredSecuritySolutionsOperations -from .operations import ExternalSecuritySolutionsOperations -from .operations import JitNetworkAccessPoliciesOperations -from .operations import AdaptiveApplicationControlsOperations +from .operations import IotSecuritySolutionAnalyticsOperations +from .operations import IotSecuritySolutionsAnalyticsAggregatedAlertOperations +from .operations import IotSecuritySolutionsAnalyticsRecommendationOperations from .operations import LocationsOperations from .operations import Operations from .operations import TasksOperations -from .operations import TopologyOperations -from .operations import AdvancedThreatProtectionOperations from .operations import AutoProvisioningSettingsOperations from .operations import CompliancesOperations from .operations import InformationProtectionPoliciesOperations @@ -44,6 +35,21 @@ from .operations import RegulatoryComplianceControlsOperations from .operations import RegulatoryComplianceAssessmentsOperations from .operations import ServerVulnerabilityAssessmentOperations +from .operations import SubAssessmentsOperations +from .operations import AutomationsOperations +from .operations import AlertsSuppressionRulesOperations +from .operations import AssessmentsMetadataOperations +from .operations import AssessmentsOperations +from .operations import AdaptiveApplicationControlsOperations +from .operations import AdaptiveNetworkHardeningsOperations +from .operations import AllowedConnectionsOperations +from .operations import TopologyOperations +from .operations import JitNetworkAccessPoliciesOperations +from .operations import DiscoveredSecuritySolutionsOperations +from .operations import ExternalSecuritySolutionsOperations +from .operations import SecureScoresOperations +from .operations import SecureScoreControlsOperations +from .operations import SecureScoreControlDefinitionsOperations from . import models @@ -61,42 +67,24 @@ class SecurityCenter(SDKClient): :vartype alerts: azure.mgmt.security.operations.AlertsOperations :ivar settings: Settings operations :vartype settings: azure.mgmt.security.operations.SettingsOperations - :ivar io_tsecurity_solutions: IoTSecuritySolutions operations - :vartype io_tsecurity_solutions: azure.mgmt.security.operations.IoTSecuritySolutionsOperations - :ivar io_tsecurity_solutions_resource_group: IoTSecuritySolutionsResourceGroup operations - :vartype io_tsecurity_solutions_resource_group: azure.mgmt.security.operations.IoTSecuritySolutionsResourceGroupOperations + :ivar advanced_threat_protection: AdvancedThreatProtection operations + :vartype advanced_threat_protection: azure.mgmt.security.operations.AdvancedThreatProtectionOperations + :ivar device_security_groups: DeviceSecurityGroups operations + :vartype device_security_groups: azure.mgmt.security.operations.DeviceSecurityGroupsOperations :ivar iot_security_solution: IotSecuritySolution operations :vartype iot_security_solution: azure.mgmt.security.operations.IotSecuritySolutionOperations - :ivar io_tsecurity_solutions_analytics: IoTSecuritySolutionsAnalytics operations - :vartype io_tsecurity_solutions_analytics: azure.mgmt.security.operations.IoTSecuritySolutionsAnalyticsOperations - :ivar io_tsecurity_solutions_analytics_aggregated_alerts: IoTSecuritySolutionsAnalyticsAggregatedAlerts operations - :vartype io_tsecurity_solutions_analytics_aggregated_alerts: azure.mgmt.security.operations.IoTSecuritySolutionsAnalyticsAggregatedAlertsOperations - :ivar io_tsecurity_solutions_analytics_aggregated_alert: IoTSecuritySolutionsAnalyticsAggregatedAlert operations - :vartype io_tsecurity_solutions_analytics_aggregated_alert: azure.mgmt.security.operations.IoTSecuritySolutionsAnalyticsAggregatedAlertOperations - :ivar io_tsecurity_solutions_analytics_recommendation: IoTSecuritySolutionsAnalyticsRecommendation operations - :vartype io_tsecurity_solutions_analytics_recommendation: azure.mgmt.security.operations.IoTSecuritySolutionsAnalyticsRecommendationOperations - :ivar io_tsecurity_solutions_analytics_recommendations: IoTSecuritySolutionsAnalyticsRecommendations operations - :vartype io_tsecurity_solutions_analytics_recommendations: azure.mgmt.security.operations.IoTSecuritySolutionsAnalyticsRecommendationsOperations - :ivar allowed_connections: AllowedConnections operations - :vartype allowed_connections: azure.mgmt.security.operations.AllowedConnectionsOperations - :ivar discovered_security_solutions: DiscoveredSecuritySolutions operations - :vartype discovered_security_solutions: azure.mgmt.security.operations.DiscoveredSecuritySolutionsOperations - :ivar external_security_solutions: ExternalSecuritySolutions operations - :vartype external_security_solutions: azure.mgmt.security.operations.ExternalSecuritySolutionsOperations - :ivar jit_network_access_policies: JitNetworkAccessPolicies operations - :vartype jit_network_access_policies: azure.mgmt.security.operations.JitNetworkAccessPoliciesOperations - :ivar adaptive_application_controls: AdaptiveApplicationControls operations - :vartype adaptive_application_controls: azure.mgmt.security.operations.AdaptiveApplicationControlsOperations + :ivar iot_security_solution_analytics: IotSecuritySolutionAnalytics operations + :vartype iot_security_solution_analytics: azure.mgmt.security.operations.IotSecuritySolutionAnalyticsOperations + :ivar iot_security_solutions_analytics_aggregated_alert: IotSecuritySolutionsAnalyticsAggregatedAlert operations + :vartype iot_security_solutions_analytics_aggregated_alert: azure.mgmt.security.operations.IotSecuritySolutionsAnalyticsAggregatedAlertOperations + :ivar iot_security_solutions_analytics_recommendation: IotSecuritySolutionsAnalyticsRecommendation operations + :vartype iot_security_solutions_analytics_recommendation: azure.mgmt.security.operations.IotSecuritySolutionsAnalyticsRecommendationOperations :ivar locations: Locations operations :vartype locations: azure.mgmt.security.operations.LocationsOperations :ivar operations: Operations operations :vartype operations: azure.mgmt.security.operations.Operations :ivar tasks: Tasks operations :vartype tasks: azure.mgmt.security.operations.TasksOperations - :ivar topology: Topology operations - :vartype topology: azure.mgmt.security.operations.TopologyOperations - :ivar advanced_threat_protection: AdvancedThreatProtection operations - :vartype advanced_threat_protection: azure.mgmt.security.operations.AdvancedThreatProtectionOperations :ivar auto_provisioning_settings: AutoProvisioningSettings operations :vartype auto_provisioning_settings: azure.mgmt.security.operations.AutoProvisioningSettingsOperations :ivar compliances: Compliances operations @@ -115,6 +103,36 @@ class SecurityCenter(SDKClient): :vartype regulatory_compliance_assessments: azure.mgmt.security.operations.RegulatoryComplianceAssessmentsOperations :ivar server_vulnerability_assessment: ServerVulnerabilityAssessment operations :vartype server_vulnerability_assessment: azure.mgmt.security.operations.ServerVulnerabilityAssessmentOperations + :ivar sub_assessments: SubAssessments operations + :vartype sub_assessments: azure.mgmt.security.operations.SubAssessmentsOperations + :ivar automations: Automations operations + :vartype automations: azure.mgmt.security.operations.AutomationsOperations + :ivar alerts_suppression_rules: AlertsSuppressionRules operations + :vartype alerts_suppression_rules: azure.mgmt.security.operations.AlertsSuppressionRulesOperations + :ivar assessments_metadata: AssessmentsMetadata operations + :vartype assessments_metadata: azure.mgmt.security.operations.AssessmentsMetadataOperations + :ivar assessments: Assessments operations + :vartype assessments: azure.mgmt.security.operations.AssessmentsOperations + :ivar adaptive_application_controls: AdaptiveApplicationControls operations + :vartype adaptive_application_controls: azure.mgmt.security.operations.AdaptiveApplicationControlsOperations + :ivar adaptive_network_hardenings: AdaptiveNetworkHardenings operations + :vartype adaptive_network_hardenings: azure.mgmt.security.operations.AdaptiveNetworkHardeningsOperations + :ivar allowed_connections: AllowedConnections operations + :vartype allowed_connections: azure.mgmt.security.operations.AllowedConnectionsOperations + :ivar topology: Topology operations + :vartype topology: azure.mgmt.security.operations.TopologyOperations + :ivar jit_network_access_policies: JitNetworkAccessPolicies operations + :vartype jit_network_access_policies: azure.mgmt.security.operations.JitNetworkAccessPoliciesOperations + :ivar discovered_security_solutions: DiscoveredSecuritySolutions operations + :vartype discovered_security_solutions: azure.mgmt.security.operations.DiscoveredSecuritySolutionsOperations + :ivar external_security_solutions: ExternalSecuritySolutions operations + :vartype external_security_solutions: azure.mgmt.security.operations.ExternalSecuritySolutionsOperations + :ivar secure_scores: SecureScores operations + :vartype secure_scores: azure.mgmt.security.operations.SecureScoresOperations + :ivar secure_score_controls: SecureScoreControls operations + :vartype secure_score_controls: azure.mgmt.security.operations.SecureScoreControlsOperations + :ivar secure_score_control_definitions: SecureScoreControlDefinitions operations + :vartype secure_score_control_definitions: azure.mgmt.security.operations.SecureScoreControlDefinitionsOperations :param credentials: Credentials needed for the client to connect to Azure. :type credentials: :mod:`A msrestazure Credentials @@ -145,31 +163,17 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.settings = SettingsOperations( self._client, self.config, self._serialize, self._deserialize) - self.io_tsecurity_solutions = IoTSecuritySolutionsOperations( + self.advanced_threat_protection = AdvancedThreatProtectionOperations( self._client, self.config, self._serialize, self._deserialize) - self.io_tsecurity_solutions_resource_group = IoTSecuritySolutionsResourceGroupOperations( + self.device_security_groups = DeviceSecurityGroupsOperations( self._client, self.config, self._serialize, self._deserialize) self.iot_security_solution = IotSecuritySolutionOperations( self._client, self.config, self._serialize, self._deserialize) - self.io_tsecurity_solutions_analytics = IoTSecuritySolutionsAnalyticsOperations( - self._client, self.config, self._serialize, self._deserialize) - self.io_tsecurity_solutions_analytics_aggregated_alerts = IoTSecuritySolutionsAnalyticsAggregatedAlertsOperations( - self._client, self.config, self._serialize, self._deserialize) - self.io_tsecurity_solutions_analytics_aggregated_alert = IoTSecuritySolutionsAnalyticsAggregatedAlertOperations( - self._client, self.config, self._serialize, self._deserialize) - self.io_tsecurity_solutions_analytics_recommendation = IoTSecuritySolutionsAnalyticsRecommendationOperations( - self._client, self.config, self._serialize, self._deserialize) - self.io_tsecurity_solutions_analytics_recommendations = IoTSecuritySolutionsAnalyticsRecommendationsOperations( - self._client, self.config, self._serialize, self._deserialize) - self.allowed_connections = AllowedConnectionsOperations( - self._client, self.config, self._serialize, self._deserialize) - self.discovered_security_solutions = DiscoveredSecuritySolutionsOperations( + self.iot_security_solution_analytics = IotSecuritySolutionAnalyticsOperations( self._client, self.config, self._serialize, self._deserialize) - self.external_security_solutions = ExternalSecuritySolutionsOperations( + self.iot_security_solutions_analytics_aggregated_alert = IotSecuritySolutionsAnalyticsAggregatedAlertOperations( self._client, self.config, self._serialize, self._deserialize) - self.jit_network_access_policies = JitNetworkAccessPoliciesOperations( - self._client, self.config, self._serialize, self._deserialize) - self.adaptive_application_controls = AdaptiveApplicationControlsOperations( + self.iot_security_solutions_analytics_recommendation = IotSecuritySolutionsAnalyticsRecommendationOperations( self._client, self.config, self._serialize, self._deserialize) self.locations = LocationsOperations( self._client, self.config, self._serialize, self._deserialize) @@ -177,10 +181,6 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.tasks = TasksOperations( self._client, self.config, self._serialize, self._deserialize) - self.topology = TopologyOperations( - self._client, self.config, self._serialize, self._deserialize) - self.advanced_threat_protection = AdvancedThreatProtectionOperations( - self._client, self.config, self._serialize, self._deserialize) self.auto_provisioning_settings = AutoProvisioningSettingsOperations( self._client, self.config, self._serialize, self._deserialize) self.compliances = CompliancesOperations( @@ -199,3 +199,33 @@ def __init__( self._client, self.config, self._serialize, self._deserialize) self.server_vulnerability_assessment = ServerVulnerabilityAssessmentOperations( self._client, self.config, self._serialize, self._deserialize) + self.sub_assessments = SubAssessmentsOperations( + self._client, self.config, self._serialize, self._deserialize) + self.automations = AutomationsOperations( + self._client, self.config, self._serialize, self._deserialize) + self.alerts_suppression_rules = AlertsSuppressionRulesOperations( + self._client, self.config, self._serialize, self._deserialize) + self.assessments_metadata = AssessmentsMetadataOperations( + self._client, self.config, self._serialize, self._deserialize) + self.assessments = AssessmentsOperations( + self._client, self.config, self._serialize, self._deserialize) + self.adaptive_application_controls = AdaptiveApplicationControlsOperations( + self._client, self.config, self._serialize, self._deserialize) + self.adaptive_network_hardenings = AdaptiveNetworkHardeningsOperations( + self._client, self.config, self._serialize, self._deserialize) + self.allowed_connections = AllowedConnectionsOperations( + self._client, self.config, self._serialize, self._deserialize) + self.topology = TopologyOperations( + self._client, self.config, self._serialize, self._deserialize) + self.jit_network_access_policies = JitNetworkAccessPoliciesOperations( + self._client, self.config, self._serialize, self._deserialize) + self.discovered_security_solutions = DiscoveredSecuritySolutionsOperations( + self._client, self.config, self._serialize, self._deserialize) + self.external_security_solutions = ExternalSecuritySolutionsOperations( + self._client, self.config, self._serialize, self._deserialize) + self.secure_scores = SecureScoresOperations( + self._client, self.config, self._serialize, self._deserialize) + self.secure_score_controls = SecureScoreControlsOperations( + self._client, self.config, self._serialize, self._deserialize) + self.secure_score_control_definitions = SecureScoreControlDefinitionsOperations( + self._client, self.config, self._serialize, self._deserialize) diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/__init__.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/__init__.py index b09be32d96b1..0ec802c22392 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/__init__.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/__init__.py @@ -13,19 +13,41 @@ from ._models_py3 import AadConnectivityState1 from ._models_py3 import AadExternalSecuritySolution from ._models_py3 import AadSolutionProperties + from ._models_py3 import ActiveConnectionsNotInAllowedRange + from ._models_py3 import AdaptiveNetworkHardening + from ._models_py3 import AdaptiveNetworkHardeningEnforceRequest + from ._models_py3 import AdditionalData from ._models_py3 import AdvancedThreatProtectionSetting from ._models_py3 import Alert from ._models_py3 import AlertConfidenceReason from ._models_py3 import AlertEntity + from ._models_py3 import AlertsSuppressionRule from ._models_py3 import AllowedConnectionsResource + from ._models_py3 import AllowlistCustomAlertRule + from ._models_py3 import AmqpC2DMessagesNotInAllowedRange + from ._models_py3 import AmqpC2DRejectedMessagesNotInAllowedRange + from ._models_py3 import AmqpD2CMessagesNotInAllowedRange from ._models_py3 import AppWhitelistingGroup from ._models_py3 import AppWhitelistingGroups from ._models_py3 import AppWhitelistingIssueSummary - from ._models_py3 import AppWhitelistingPutGroupData from ._models_py3 import AscLocation + from ._models_py3 import AssessmentLinks + from ._models_py3 import AssessmentStatus from ._models_py3 import AtaExternalSecuritySolution from ._models_py3 import AtaSolutionProperties + from ._models_py3 import Automation + from ._models_py3 import AutomationAction + from ._models_py3 import AutomationActionEventHub + from ._models_py3 import AutomationActionLogicApp + from ._models_py3 import AutomationActionWorkspace + from ._models_py3 import AutomationRuleSet + from ._models_py3 import AutomationScope + from ._models_py3 import AutomationSource + from ._models_py3 import AutomationTriggeringRule + from ._models_py3 import AutomationValidationStatus from ._models_py3 import AutoProvisioningSetting + from ._models_py3 import AzureResourceDetails + from ._models_py3 import AzureResourceLink from ._models_py3 import CefExternalSecuritySolution from ._models_py3 import CefSolutionProperties from ._models_py3 import Compliance @@ -34,22 +56,35 @@ from ._models_py3 import ConnectableResource from ._models_py3 import ConnectedResource from ._models_py3 import ConnectedWorkspace - from ._models_py3 import DataExportSetting + from ._models_py3 import ConnectionToIpNotAllowed + from ._models_py3 import ContainerRegistryVulnerabilityProperties + from ._models_py3 import CustomAlertRule + from ._models_py3 import CVE + from ._models_py3 import CVSS + from ._models_py3 import DataExportSettings + from ._models_py3 import DenylistCustomAlertRule + from ._models_py3 import DeviceSecurityGroup + from ._models_py3 import DirectMethodInvokesNotInAllowedRange from ._models_py3 import DiscoveredSecuritySolution + from ._models_py3 import EffectiveNetworkSecurityGroups + from ._models_py3 import ETag from ._models_py3 import ExternalSecuritySolution from ._models_py3 import ExternalSecuritySolutionKind1 from ._models_py3 import ExternalSecuritySolutionProperties + from ._models_py3 import FailedLocalLoginsNotInAllowedRange + from ._models_py3 import FileUploadsNotInAllowedRange + from ._models_py3 import HttpC2DMessagesNotInAllowedRange + from ._models_py3 import HttpC2DRejectedMessagesNotInAllowedRange + from ._models_py3 import HttpD2CMessagesNotInAllowedRange from ._models_py3 import InformationProtectionKeyword from ._models_py3 import InformationProtectionPolicy from ._models_py3 import InformationType from ._models_py3 import IoTSecurityAggregatedAlert + from ._models_py3 import IoTSecurityAggregatedAlertPropertiesTopDevicesListItem from ._models_py3 import IoTSecurityAggregatedRecommendation from ._models_py3 import IoTSecurityAlertedDevice - from ._models_py3 import IoTSecurityAlertedDevicesList from ._models_py3 import IoTSecurityDeviceAlert - from ._models_py3 import IoTSecurityDeviceAlertsList from ._models_py3 import IoTSecurityDeviceRecommendation - from ._models_py3 import IoTSecurityDeviceRecommendationsList from ._models_py3 import IoTSecuritySolutionAnalyticsModel from ._models_py3 import IoTSecuritySolutionAnalyticsModelList from ._models_py3 import IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem @@ -65,53 +100,109 @@ from ._models_py3 import JitNetworkAccessRequestPort from ._models_py3 import JitNetworkAccessRequestVirtualMachine from ._models_py3 import Kind + from ._models_py3 import ListCustomAlertRule + from ._models_py3 import LocalUserNotAllowed from ._models_py3 import Location + from ._models_py3 import MqttC2DMessagesNotInAllowedRange + from ._models_py3 import MqttC2DRejectedMessagesNotInAllowedRange + from ._models_py3 import MqttD2CMessagesNotInAllowedRange + from ._models_py3 import OnPremiseResourceDetails from ._models_py3 import Operation from ._models_py3 import OperationDisplay from ._models_py3 import PathRecommendation from ._models_py3 import Pricing from ._models_py3 import PricingList + from ._models_py3 import ProcessNotAllowed + from ._models_py3 import ProtectionMode from ._models_py3 import PublisherInfo + from ._models_py3 import QueuePurgesNotInAllowedRange from ._models_py3 import RecommendationConfigurationProperties from ._models_py3 import RegulatoryComplianceAssessment from ._models_py3 import RegulatoryComplianceControl from ._models_py3 import RegulatoryComplianceStandard from ._models_py3 import Resource + from ._models_py3 import ResourceDetails + from ._models_py3 import Rule + from ._models_py3 import ScopeElement + from ._models_py3 import SecureScoreControlDefinitionItem + from ._models_py3 import SecureScoreControlDefinitionSource + from ._models_py3 import SecureScoreControlDetails + from ._models_py3 import SecureScoreControlScore + from ._models_py3 import SecureScoreItem + from ._models_py3 import SecurityAssessment + from ._models_py3 import SecurityAssessmentMetadata + from ._models_py3 import SecurityAssessmentMetadataPartnerData + from ._models_py3 import SecurityAssessmentMetadataProperties + from ._models_py3 import SecurityAssessmentPartnerData from ._models_py3 import SecurityContact + from ._models_py3 import SecuritySubAssessment from ._models_py3 import SecurityTask from ._models_py3 import SecurityTaskParameters from ._models_py3 import SensitivityLabel from ._models_py3 import ServerVulnerabilityAssessment from ._models_py3 import ServerVulnerabilityAssessmentsList + from ._models_py3 import ServerVulnerabilityProperties from ._models_py3 import Setting from ._models_py3 import SettingResource + from ._models_py3 import SqlServerVulnerabilityProperties + from ._models_py3 import SubAssessmentStatus + from ._models_py3 import SuppressionAlertsScope + from ._models_py3 import Tags from ._models_py3 import TagsResource + from ._models_py3 import ThresholdCustomAlertRule + from ._models_py3 import TimeWindowCustomAlertRule from ._models_py3 import TopologyResource from ._models_py3 import TopologySingleResource from ._models_py3 import TopologySingleResourceChild from ._models_py3 import TopologySingleResourceParent + from ._models_py3 import TrackedResource + from ._models_py3 import TwinUpdatesNotInAllowedRange + from ._models_py3 import UnauthorizedOperationsNotInAllowedRange from ._models_py3 import UpdateIotSecuritySolutionData from ._models_py3 import UserDefinedResourcesProperties from ._models_py3 import UserRecommendation + from ._models_py3 import VendorReference from ._models_py3 import VmRecommendation from ._models_py3 import WorkspaceSetting except (SyntaxError, ImportError): from ._models import AadConnectivityState1 from ._models import AadExternalSecuritySolution from ._models import AadSolutionProperties + from ._models import ActiveConnectionsNotInAllowedRange + from ._models import AdaptiveNetworkHardening + from ._models import AdaptiveNetworkHardeningEnforceRequest + from ._models import AdditionalData from ._models import AdvancedThreatProtectionSetting from ._models import Alert from ._models import AlertConfidenceReason from ._models import AlertEntity + from ._models import AlertsSuppressionRule from ._models import AllowedConnectionsResource + from ._models import AllowlistCustomAlertRule + from ._models import AmqpC2DMessagesNotInAllowedRange + from ._models import AmqpC2DRejectedMessagesNotInAllowedRange + from ._models import AmqpD2CMessagesNotInAllowedRange from ._models import AppWhitelistingGroup from ._models import AppWhitelistingGroups from ._models import AppWhitelistingIssueSummary - from ._models import AppWhitelistingPutGroupData from ._models import AscLocation + from ._models import AssessmentLinks + from ._models import AssessmentStatus from ._models import AtaExternalSecuritySolution from ._models import AtaSolutionProperties + from ._models import Automation + from ._models import AutomationAction + from ._models import AutomationActionEventHub + from ._models import AutomationActionLogicApp + from ._models import AutomationActionWorkspace + from ._models import AutomationRuleSet + from ._models import AutomationScope + from ._models import AutomationSource + from ._models import AutomationTriggeringRule + from ._models import AutomationValidationStatus from ._models import AutoProvisioningSetting + from ._models import AzureResourceDetails + from ._models import AzureResourceLink from ._models import CefExternalSecuritySolution from ._models import CefSolutionProperties from ._models import Compliance @@ -120,22 +211,35 @@ from ._models import ConnectableResource from ._models import ConnectedResource from ._models import ConnectedWorkspace - from ._models import DataExportSetting + from ._models import ConnectionToIpNotAllowed + from ._models import ContainerRegistryVulnerabilityProperties + from ._models import CustomAlertRule + from ._models import CVE + from ._models import CVSS + from ._models import DataExportSettings + from ._models import DenylistCustomAlertRule + from ._models import DeviceSecurityGroup + from ._models import DirectMethodInvokesNotInAllowedRange from ._models import DiscoveredSecuritySolution + from ._models import EffectiveNetworkSecurityGroups + from ._models import ETag from ._models import ExternalSecuritySolution from ._models import ExternalSecuritySolutionKind1 from ._models import ExternalSecuritySolutionProperties + from ._models import FailedLocalLoginsNotInAllowedRange + from ._models import FileUploadsNotInAllowedRange + from ._models import HttpC2DMessagesNotInAllowedRange + from ._models import HttpC2DRejectedMessagesNotInAllowedRange + from ._models import HttpD2CMessagesNotInAllowedRange from ._models import InformationProtectionKeyword from ._models import InformationProtectionPolicy from ._models import InformationType from ._models import IoTSecurityAggregatedAlert + from ._models import IoTSecurityAggregatedAlertPropertiesTopDevicesListItem from ._models import IoTSecurityAggregatedRecommendation from ._models import IoTSecurityAlertedDevice - from ._models import IoTSecurityAlertedDevicesList from ._models import IoTSecurityDeviceAlert - from ._models import IoTSecurityDeviceAlertsList from ._models import IoTSecurityDeviceRecommendation - from ._models import IoTSecurityDeviceRecommendationsList from ._models import IoTSecuritySolutionAnalyticsModel from ._models import IoTSecuritySolutionAnalyticsModelList from ._models import IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem @@ -151,42 +255,80 @@ from ._models import JitNetworkAccessRequestPort from ._models import JitNetworkAccessRequestVirtualMachine from ._models import Kind + from ._models import ListCustomAlertRule + from ._models import LocalUserNotAllowed from ._models import Location + from ._models import MqttC2DMessagesNotInAllowedRange + from ._models import MqttC2DRejectedMessagesNotInAllowedRange + from ._models import MqttD2CMessagesNotInAllowedRange + from ._models import OnPremiseResourceDetails from ._models import Operation from ._models import OperationDisplay from ._models import PathRecommendation from ._models import Pricing from ._models import PricingList + from ._models import ProcessNotAllowed + from ._models import ProtectionMode from ._models import PublisherInfo + from ._models import QueuePurgesNotInAllowedRange from ._models import RecommendationConfigurationProperties from ._models import RegulatoryComplianceAssessment from ._models import RegulatoryComplianceControl from ._models import RegulatoryComplianceStandard from ._models import Resource + from ._models import ResourceDetails + from ._models import Rule + from ._models import ScopeElement + from ._models import SecureScoreControlDefinitionItem + from ._models import SecureScoreControlDefinitionSource + from ._models import SecureScoreControlDetails + from ._models import SecureScoreControlScore + from ._models import SecureScoreItem + from ._models import SecurityAssessment + from ._models import SecurityAssessmentMetadata + from ._models import SecurityAssessmentMetadataPartnerData + from ._models import SecurityAssessmentMetadataProperties + from ._models import SecurityAssessmentPartnerData from ._models import SecurityContact + from ._models import SecuritySubAssessment from ._models import SecurityTask from ._models import SecurityTaskParameters from ._models import SensitivityLabel from ._models import ServerVulnerabilityAssessment from ._models import ServerVulnerabilityAssessmentsList + from ._models import ServerVulnerabilityProperties from ._models import Setting from ._models import SettingResource + from ._models import SqlServerVulnerabilityProperties + from ._models import SubAssessmentStatus + from ._models import SuppressionAlertsScope + from ._models import Tags from ._models import TagsResource + from ._models import ThresholdCustomAlertRule + from ._models import TimeWindowCustomAlertRule from ._models import TopologyResource from ._models import TopologySingleResource from ._models import TopologySingleResourceChild from ._models import TopologySingleResourceParent + from ._models import TrackedResource + from ._models import TwinUpdatesNotInAllowedRange + from ._models import UnauthorizedOperationsNotInAllowedRange from ._models import UpdateIotSecuritySolutionData from ._models import UserDefinedResourcesProperties from ._models import UserRecommendation + from ._models import VendorReference from ._models import VmRecommendation from ._models import WorkspaceSetting +from ._paged_models import AdaptiveNetworkHardeningPaged from ._paged_models import AlertPaged +from ._paged_models import AlertsSuppressionRulePaged from ._paged_models import AllowedConnectionsResourcePaged from ._paged_models import AscLocationPaged +from ._paged_models import AutomationPaged from ._paged_models import AutoProvisioningSettingPaged from ._paged_models import CompliancePaged from ._paged_models import ComplianceResultPaged +from ._paged_models import DeviceSecurityGroupPaged from ._paged_models import DiscoveredSecuritySolutionPaged from ._paged_models import ExternalSecuritySolutionPaged from ._paged_models import InformationProtectionPolicyPaged @@ -198,7 +340,13 @@ from ._paged_models import RegulatoryComplianceAssessmentPaged from ._paged_models import RegulatoryComplianceControlPaged from ._paged_models import RegulatoryComplianceStandardPaged +from ._paged_models import SecureScoreControlDefinitionItemPaged +from ._paged_models import SecureScoreControlDetailsPaged +from ._paged_models import SecureScoreItemPaged +from ._paged_models import SecurityAssessmentMetadataPaged +from ._paged_models import SecurityAssessmentPaged from ._paged_models import SecurityContactPaged +from ._paged_models import SecuritySubAssessmentPaged from ._paged_models import SecurityTaskPaged from ._paged_models import SettingPaged from ._paged_models import TopologyResourcePaged @@ -207,42 +355,83 @@ ResourceStatus, PricingTier, ReportedSeverity, - SettingKind, + ValueType, SecuritySolutionStatus, ExportData, DataSource, RecommendationType, RecommendationConfigStatus, - SecurityFamily, - AadConnectivityState, - ExternalSecuritySolutionKind, - Protocol, - Status, - StatusReason, + UnmaskedIpLoggingStatus, AutoProvision, + Rank, AlertNotifications, AlertsToAdmins, State, + SubAssessmentStatusCode, + Severity, + EventSource, + PropertyType, + Operator, + RuleState, + Category, + UserImpact, + ImplementationEffort, + Threats, + AssessmentType, + AssessmentStatusCode, + Direction, + TransportProtocol, + Protocol, + Status, + StatusReason, + SecurityFamily, + AadConnectivityState, + ExternalSecuritySolutionKind, + ControlType, + ExpandEnum, ConnectionType, + ExpandControlsEnum, ) __all__ = [ 'AadConnectivityState1', 'AadExternalSecuritySolution', 'AadSolutionProperties', + 'ActiveConnectionsNotInAllowedRange', + 'AdaptiveNetworkHardening', + 'AdaptiveNetworkHardeningEnforceRequest', + 'AdditionalData', 'AdvancedThreatProtectionSetting', 'Alert', 'AlertConfidenceReason', 'AlertEntity', + 'AlertsSuppressionRule', 'AllowedConnectionsResource', + 'AllowlistCustomAlertRule', + 'AmqpC2DMessagesNotInAllowedRange', + 'AmqpC2DRejectedMessagesNotInAllowedRange', + 'AmqpD2CMessagesNotInAllowedRange', 'AppWhitelistingGroup', 'AppWhitelistingGroups', 'AppWhitelistingIssueSummary', - 'AppWhitelistingPutGroupData', 'AscLocation', + 'AssessmentLinks', + 'AssessmentStatus', 'AtaExternalSecuritySolution', 'AtaSolutionProperties', + 'Automation', + 'AutomationAction', + 'AutomationActionEventHub', + 'AutomationActionLogicApp', + 'AutomationActionWorkspace', + 'AutomationRuleSet', + 'AutomationScope', + 'AutomationSource', + 'AutomationTriggeringRule', + 'AutomationValidationStatus', 'AutoProvisioningSetting', + 'AzureResourceDetails', + 'AzureResourceLink', 'CefExternalSecuritySolution', 'CefSolutionProperties', 'Compliance', @@ -251,22 +440,35 @@ 'ConnectableResource', 'ConnectedResource', 'ConnectedWorkspace', - 'DataExportSetting', + 'ConnectionToIpNotAllowed', + 'ContainerRegistryVulnerabilityProperties', + 'CustomAlertRule', + 'CVE', + 'CVSS', + 'DataExportSettings', + 'DenylistCustomAlertRule', + 'DeviceSecurityGroup', + 'DirectMethodInvokesNotInAllowedRange', 'DiscoveredSecuritySolution', + 'EffectiveNetworkSecurityGroups', + 'ETag', 'ExternalSecuritySolution', 'ExternalSecuritySolutionKind1', 'ExternalSecuritySolutionProperties', + 'FailedLocalLoginsNotInAllowedRange', + 'FileUploadsNotInAllowedRange', + 'HttpC2DMessagesNotInAllowedRange', + 'HttpC2DRejectedMessagesNotInAllowedRange', + 'HttpD2CMessagesNotInAllowedRange', 'InformationProtectionKeyword', 'InformationProtectionPolicy', 'InformationType', 'IoTSecurityAggregatedAlert', + 'IoTSecurityAggregatedAlertPropertiesTopDevicesListItem', 'IoTSecurityAggregatedRecommendation', 'IoTSecurityAlertedDevice', - 'IoTSecurityAlertedDevicesList', 'IoTSecurityDeviceAlert', - 'IoTSecurityDeviceAlertsList', 'IoTSecurityDeviceRecommendation', - 'IoTSecurityDeviceRecommendationsList', 'IoTSecuritySolutionAnalyticsModel', 'IoTSecuritySolutionAnalyticsModelList', 'IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem', @@ -282,50 +484,80 @@ 'JitNetworkAccessRequestPort', 'JitNetworkAccessRequestVirtualMachine', 'Kind', + 'ListCustomAlertRule', + 'LocalUserNotAllowed', 'Location', + 'MqttC2DMessagesNotInAllowedRange', + 'MqttC2DRejectedMessagesNotInAllowedRange', + 'MqttD2CMessagesNotInAllowedRange', + 'OnPremiseResourceDetails', 'Operation', 'OperationDisplay', 'PathRecommendation', 'Pricing', 'PricingList', + 'ProcessNotAllowed', + 'ProtectionMode', 'PublisherInfo', + 'QueuePurgesNotInAllowedRange', 'RecommendationConfigurationProperties', 'RegulatoryComplianceAssessment', 'RegulatoryComplianceControl', 'RegulatoryComplianceStandard', 'Resource', + 'ResourceDetails', + 'Rule', + 'ScopeElement', + 'SecureScoreControlDefinitionItem', + 'SecureScoreControlDefinitionSource', + 'SecureScoreControlDetails', + 'SecureScoreControlScore', + 'SecureScoreItem', + 'SecurityAssessment', + 'SecurityAssessmentMetadata', + 'SecurityAssessmentMetadataPartnerData', + 'SecurityAssessmentMetadataProperties', + 'SecurityAssessmentPartnerData', 'SecurityContact', + 'SecuritySubAssessment', 'SecurityTask', 'SecurityTaskParameters', 'SensitivityLabel', 'ServerVulnerabilityAssessment', 'ServerVulnerabilityAssessmentsList', + 'ServerVulnerabilityProperties', 'Setting', 'SettingResource', + 'SqlServerVulnerabilityProperties', + 'SubAssessmentStatus', + 'SuppressionAlertsScope', + 'Tags', 'TagsResource', + 'ThresholdCustomAlertRule', + 'TimeWindowCustomAlertRule', 'TopologyResource', 'TopologySingleResource', 'TopologySingleResourceChild', 'TopologySingleResourceParent', + 'TrackedResource', + 'TwinUpdatesNotInAllowedRange', + 'UnauthorizedOperationsNotInAllowedRange', 'UpdateIotSecuritySolutionData', 'UserDefinedResourcesProperties', 'UserRecommendation', + 'VendorReference', 'VmRecommendation', 'WorkspaceSetting', 'ComplianceResultPaged', 'AlertPaged', 'SettingPaged', + 'DeviceSecurityGroupPaged', 'IoTSecuritySolutionModelPaged', 'IoTSecurityAggregatedAlertPaged', 'IoTSecurityAggregatedRecommendationPaged', - 'AllowedConnectionsResourcePaged', - 'DiscoveredSecuritySolutionPaged', - 'ExternalSecuritySolutionPaged', - 'JitNetworkAccessPolicyPaged', 'AscLocationPaged', 'OperationPaged', 'SecurityTaskPaged', - 'TopologyResourcePaged', 'AutoProvisioningSettingPaged', 'CompliancePaged', 'InformationProtectionPolicyPaged', @@ -334,24 +566,57 @@ 'RegulatoryComplianceStandardPaged', 'RegulatoryComplianceControlPaged', 'RegulatoryComplianceAssessmentPaged', + 'SecuritySubAssessmentPaged', + 'AutomationPaged', + 'AlertsSuppressionRulePaged', + 'SecurityAssessmentMetadataPaged', + 'SecurityAssessmentPaged', + 'AdaptiveNetworkHardeningPaged', + 'AllowedConnectionsResourcePaged', + 'TopologyResourcePaged', + 'JitNetworkAccessPolicyPaged', + 'DiscoveredSecuritySolutionPaged', + 'ExternalSecuritySolutionPaged', + 'SecureScoreItemPaged', + 'SecureScoreControlDetailsPaged', + 'SecureScoreControlDefinitionItemPaged', 'ResourceStatus', 'PricingTier', 'ReportedSeverity', - 'SettingKind', + 'ValueType', 'SecuritySolutionStatus', 'ExportData', 'DataSource', 'RecommendationType', 'RecommendationConfigStatus', - 'SecurityFamily', - 'AadConnectivityState', - 'ExternalSecuritySolutionKind', - 'Protocol', - 'Status', - 'StatusReason', + 'UnmaskedIpLoggingStatus', 'AutoProvision', + 'Rank', 'AlertNotifications', 'AlertsToAdmins', 'State', + 'SubAssessmentStatusCode', + 'Severity', + 'EventSource', + 'PropertyType', + 'Operator', + 'RuleState', + 'Category', + 'UserImpact', + 'ImplementationEffort', + 'Threats', + 'AssessmentType', + 'AssessmentStatusCode', + 'Direction', + 'TransportProtocol', + 'Protocol', + 'Status', + 'StatusReason', + 'SecurityFamily', + 'AadConnectivityState', + 'ExternalSecuritySolutionKind', + 'ControlType', + 'ExpandEnum', 'ConnectionType', + 'ExpandControlsEnum', ] diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models.py index 814deff5ee6b..d6d9e2596d17 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models.py @@ -164,6 +164,223 @@ def __init__(self, **kwargs): self.connectivity_state = kwargs.get('connectivity_state', None) +class CustomAlertRule(Model): + """A custom alert rule. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: ThresholdCustomAlertRule, ListCustomAlertRule + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + } + + _subtype_map = { + 'rule_type': {'ThresholdCustomAlertRule': 'ThresholdCustomAlertRule', 'ListCustomAlertRule': 'ListCustomAlertRule'} + } + + def __init__(self, **kwargs): + super(CustomAlertRule, self).__init__(**kwargs) + self.display_name = None + self.description = None + self.is_enabled = kwargs.get('is_enabled', None) + self.rule_type = None + + +class ThresholdCustomAlertRule(CustomAlertRule): + """A custom alert rule that checks if a value (depends on the custom alert + type) is within the given range. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: TimeWindowCustomAlertRule + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + } + + _subtype_map = { + 'rule_type': {'TimeWindowCustomAlertRule': 'TimeWindowCustomAlertRule'} + } + + def __init__(self, **kwargs): + super(ThresholdCustomAlertRule, self).__init__(**kwargs) + self.min_threshold = kwargs.get('min_threshold', None) + self.max_threshold = kwargs.get('max_threshold', None) + self.rule_type = 'ThresholdCustomAlertRule' + + +class TimeWindowCustomAlertRule(ThresholdCustomAlertRule): + """A custom alert rule that checks if the number of activities (depends on the + custom alert type) in a time window is within the given range. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: ActiveConnectionsNotInAllowedRange, + AmqpC2DMessagesNotInAllowedRange, MqttC2DMessagesNotInAllowedRange, + HttpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, + MqttC2DRejectedMessagesNotInAllowedRange, + HttpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, + MqttD2CMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, + DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, + FileUploadsNotInAllowedRange, QueuePurgesNotInAllowedRange, + TwinUpdatesNotInAllowedRange, UnauthorizedOperationsNotInAllowedRange + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + _subtype_map = { + 'rule_type': {'ActiveConnectionsNotInAllowedRange': 'ActiveConnectionsNotInAllowedRange', 'AmqpC2DMessagesNotInAllowedRange': 'AmqpC2DMessagesNotInAllowedRange', 'MqttC2DMessagesNotInAllowedRange': 'MqttC2DMessagesNotInAllowedRange', 'HttpC2DMessagesNotInAllowedRange': 'HttpC2DMessagesNotInAllowedRange', 'AmqpC2DRejectedMessagesNotInAllowedRange': 'AmqpC2DRejectedMessagesNotInAllowedRange', 'MqttC2DRejectedMessagesNotInAllowedRange': 'MqttC2DRejectedMessagesNotInAllowedRange', 'HttpC2DRejectedMessagesNotInAllowedRange': 'HttpC2DRejectedMessagesNotInAllowedRange', 'AmqpD2CMessagesNotInAllowedRange': 'AmqpD2CMessagesNotInAllowedRange', 'MqttD2CMessagesNotInAllowedRange': 'MqttD2CMessagesNotInAllowedRange', 'HttpD2CMessagesNotInAllowedRange': 'HttpD2CMessagesNotInAllowedRange', 'DirectMethodInvokesNotInAllowedRange': 'DirectMethodInvokesNotInAllowedRange', 'FailedLocalLoginsNotInAllowedRange': 'FailedLocalLoginsNotInAllowedRange', 'FileUploadsNotInAllowedRange': 'FileUploadsNotInAllowedRange', 'QueuePurgesNotInAllowedRange': 'QueuePurgesNotInAllowedRange', 'TwinUpdatesNotInAllowedRange': 'TwinUpdatesNotInAllowedRange', 'UnauthorizedOperationsNotInAllowedRange': 'UnauthorizedOperationsNotInAllowedRange'} + } + + def __init__(self, **kwargs): + super(TimeWindowCustomAlertRule, self).__init__(**kwargs) + self.time_window_size = kwargs.get('time_window_size', None) + self.rule_type = 'TimeWindowCustomAlertRule' + + +class ActiveConnectionsNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of active connections is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, **kwargs): + super(ActiveConnectionsNotInAllowedRange, self).__init__(**kwargs) + self.rule_type = 'ActiveConnectionsNotInAllowedRange' + + class Resource(Model): """Describes an Azure resource. @@ -197,6 +414,112 @@ def __init__(self, **kwargs): self.type = None +class AdaptiveNetworkHardening(Resource): + """The resource whose properties describes the Adaptive Network Hardening + settings for some Azure resource. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :param rules: The security rules which are recommended to be effective on + the VM + :type rules: list[~azure.mgmt.security.models.Rule] + :param rules_calculation_time: The UTC time on which the rules were + calculated + :type rules_calculation_time: datetime + :param effective_network_security_groups: The Network Security Groups + effective on the network interfaces of the protected resource + :type effective_network_security_groups: + list[~azure.mgmt.security.models.EffectiveNetworkSecurityGroups] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'rules': {'key': 'properties.rules', 'type': '[Rule]'}, + 'rules_calculation_time': {'key': 'properties.rulesCalculationTime', 'type': 'iso-8601'}, + 'effective_network_security_groups': {'key': 'properties.effectiveNetworkSecurityGroups', 'type': '[EffectiveNetworkSecurityGroups]'}, + } + + def __init__(self, **kwargs): + super(AdaptiveNetworkHardening, self).__init__(**kwargs) + self.rules = kwargs.get('rules', None) + self.rules_calculation_time = kwargs.get('rules_calculation_time', None) + self.effective_network_security_groups = kwargs.get('effective_network_security_groups', None) + + +class AdaptiveNetworkHardeningEnforceRequest(Model): + """AdaptiveNetworkHardeningEnforceRequest. + + All required parameters must be populated in order to send to Azure. + + :param rules: Required. The rules to enforce + :type rules: list[~azure.mgmt.security.models.Rule] + :param network_security_groups: Required. The Azure resource IDs of the + effective network security groups that will be updated with the created + security rules from the Adaptive Network Hardening rules + :type network_security_groups: list[str] + """ + + _validation = { + 'rules': {'required': True}, + 'network_security_groups': {'required': True}, + } + + _attribute_map = { + 'rules': {'key': 'rules', 'type': '[Rule]'}, + 'network_security_groups': {'key': 'networkSecurityGroups', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(AdaptiveNetworkHardeningEnforceRequest, self).__init__(**kwargs) + self.rules = kwargs.get('rules', None) + self.network_security_groups = kwargs.get('network_security_groups', None) + + +class AdditionalData(Model): + """Details of the sub-assessment. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: SqlServerVulnerabilityProperties, + ContainerRegistryVulnerabilityProperties, ServerVulnerabilityProperties + + All required parameters must be populated in order to send to Azure. + + :param assessed_resource_type: Required. Constant filled by server. + :type assessed_resource_type: str + """ + + _validation = { + 'assessed_resource_type': {'required': True}, + } + + _attribute_map = { + 'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'}, + } + + _subtype_map = { + 'assessed_resource_type': {'SqlServerVulnerability': 'SqlServerVulnerabilityProperties', 'ContainerRegistryVulnerability': 'ContainerRegistryVulnerabilityProperties', 'ServerVulnerabilityAssessment': 'ServerVulnerabilityProperties'} + } + + def __init__(self, **kwargs): + super(AdditionalData, self).__init__(**kwargs) + self.assessed_resource_type = None + + class AdvancedThreatProtectionSetting(Resource): """The Advanced Threat Protection resource. @@ -441,59 +764,78 @@ def __init__(self, **kwargs): self.type = None -class AllowedConnectionsResource(Model): - """The resource whose properties describes the allowed traffic between Azure - resources. +class AlertsSuppressionRule(Resource): + """Describes the suppression rule. Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. + :ivar id: Resource Id :vartype id: str :ivar name: Resource name :vartype name: str :ivar type: Resource type :vartype type: str - :ivar location: Location where the resource is stored - :vartype location: str - :ivar calculated_date_time: The UTC time on which the allowed connections - resource was calculated - :vartype calculated_date_time: datetime - :ivar connectable_resources: List of connectable resources - :vartype connectable_resources: - list[~azure.mgmt.security.models.ConnectableResource] + :param alert_type: Required. Type of the alert to automatically suppress. + For all alert types, use '*' + :type alert_type: str + :ivar last_modified_utc: The last time this rule was modified + :vartype last_modified_utc: datetime + :param expiration_date_utc: Expiration date of the rule, if value is not + provided or provided as null this field will default to the maximum + allowed expiration date. + :type expiration_date_utc: datetime + :param reason: Required. The reason for dismissing the alert + :type reason: str + :param state: Required. Possible states of the rule. Possible values + include: 'Enabled', 'Disabled', 'Expired' + :type state: str or ~azure.mgmt.security.models.RuleState + :param comment: Any comment regarding the rule + :type comment: str + :param suppression_alerts_scope: The suppression conditions + :type suppression_alerts_scope: + ~azure.mgmt.security.models.SuppressionAlertsScope """ _validation = { 'id': {'readonly': True}, 'name': {'readonly': True}, 'type': {'readonly': True}, - 'location': {'readonly': True}, - 'calculated_date_time': {'readonly': True}, - 'connectable_resources': {'readonly': True}, + 'alert_type': {'required': True}, + 'last_modified_utc': {'readonly': True}, + 'reason': {'required': True}, + 'state': {'required': True}, } _attribute_map = { 'id': {'key': 'id', 'type': 'str'}, 'name': {'key': 'name', 'type': 'str'}, 'type': {'key': 'type', 'type': 'str'}, - 'location': {'key': 'location', 'type': 'str'}, - 'calculated_date_time': {'key': 'properties.calculatedDateTime', 'type': 'iso-8601'}, - 'connectable_resources': {'key': 'properties.connectableResources', 'type': '[ConnectableResource]'}, + 'alert_type': {'key': 'properties.alertType', 'type': 'str'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + 'expiration_date_utc': {'key': 'properties.expirationDateUtc', 'type': 'iso-8601'}, + 'reason': {'key': 'properties.reason', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'RuleState'}, + 'comment': {'key': 'properties.comment', 'type': 'str'}, + 'suppression_alerts_scope': {'key': 'properties.suppressionAlertsScope', 'type': 'SuppressionAlertsScope'}, } def __init__(self, **kwargs): - super(AllowedConnectionsResource, self).__init__(**kwargs) - self.id = None - self.name = None - self.type = None - self.location = None - self.calculated_date_time = None - self.connectable_resources = None + super(AlertsSuppressionRule, self).__init__(**kwargs) + self.alert_type = kwargs.get('alert_type', None) + self.last_modified_utc = None + self.expiration_date_utc = kwargs.get('expiration_date_utc', None) + self.reason = kwargs.get('reason', None) + self.state = kwargs.get('state', None) + self.comment = kwargs.get('comment', None) + self.suppression_alerts_scope = kwargs.get('suppression_alerts_scope', None) -class AppWhitelistingGroup(Model): - """AppWhitelistingGroup. +class AllowedConnectionsResource(Model): + """The resource whose properties describes the allowed traffic between Azure + resources. Variables are only populated by the server, and will be ignored when sending a request. @@ -506,26 +848,12 @@ class AppWhitelistingGroup(Model): :vartype type: str :ivar location: Location where the resource is stored :vartype location: str - :param enforcement_mode: Possible values include: 'Audit', 'Enforce' - :type enforcement_mode: str or ~azure.mgmt.security.models.enum - :param configuration_status: Possible values include: 'Configured', - 'NotConfigured', 'InProgress', 'Failed', 'NoStatus' - :type configuration_status: str or ~azure.mgmt.security.models.enum - :param recommendation_status: Possible values include: 'Recommended', - 'NotRecommended', 'NotAvailable', 'NoStatus' - :type recommendation_status: str or ~azure.mgmt.security.models.enum - :param issues: - :type issues: - list[~azure.mgmt.security.models.AppWhitelistingIssueSummary] - :param source_system: Possible values include: 'Azure_AppLocker', - 'Azure_AuditD', 'NonAzure_AppLocker', 'NonAzure_AuditD', 'None' - :type source_system: str or ~azure.mgmt.security.models.enum - :param vm_recommendations: - :type vm_recommendations: - list[~azure.mgmt.security.models.VmRecommendation] - :param path_recommendations: - :type path_recommendations: - list[~azure.mgmt.security.models.PathRecommendation] + :ivar calculated_date_time: The UTC time on which the allowed connections + resource was calculated + :vartype calculated_date_time: datetime + :ivar connectable_resources: List of connectable resources + :vartype connectable_resources: + list[~azure.mgmt.security.models.ConnectableResource] """ _validation = { @@ -533,6 +861,8 @@ class AppWhitelistingGroup(Model): 'name': {'readonly': True}, 'type': {'readonly': True}, 'location': {'readonly': True}, + 'calculated_date_time': {'readonly': True}, + 'connectable_resources': {'readonly': True}, } _attribute_map = { @@ -540,76 +870,306 @@ class AppWhitelistingGroup(Model): 'name': {'key': 'name', 'type': 'str'}, 'type': {'key': 'type', 'type': 'str'}, 'location': {'key': 'location', 'type': 'str'}, - 'enforcement_mode': {'key': 'properties.enforcementMode', 'type': 'str'}, - 'configuration_status': {'key': 'properties.configurationStatus', 'type': 'str'}, - 'recommendation_status': {'key': 'properties.recommendationStatus', 'type': 'str'}, - 'issues': {'key': 'properties.issues', 'type': '[AppWhitelistingIssueSummary]'}, - 'source_system': {'key': 'properties.sourceSystem', 'type': 'str'}, - 'vm_recommendations': {'key': 'properties.vmRecommendations', 'type': '[VmRecommendation]'}, - 'path_recommendations': {'key': 'properties.pathRecommendations', 'type': '[PathRecommendation]'}, + 'calculated_date_time': {'key': 'properties.calculatedDateTime', 'type': 'iso-8601'}, + 'connectable_resources': {'key': 'properties.connectableResources', 'type': '[ConnectableResource]'}, } def __init__(self, **kwargs): - super(AppWhitelistingGroup, self).__init__(**kwargs) + super(AllowedConnectionsResource, self).__init__(**kwargs) self.id = None self.name = None self.type = None self.location = None - self.enforcement_mode = kwargs.get('enforcement_mode', None) - self.configuration_status = kwargs.get('configuration_status', None) - self.recommendation_status = kwargs.get('recommendation_status', None) - self.issues = kwargs.get('issues', None) - self.source_system = kwargs.get('source_system', None) - self.vm_recommendations = kwargs.get('vm_recommendations', None) - self.path_recommendations = kwargs.get('path_recommendations', None) + self.calculated_date_time = None + self.connectable_resources = None -class AppWhitelistingGroups(Model): - """Represents a list of VM/server groups and set of rules that are Recommended - by Azure Security Center to be allowed. +class ListCustomAlertRule(CustomAlertRule): + """A List custom alert rule. - :param value: - :type value: list[~azure.mgmt.security.models.AppWhitelistingGroup] - """ + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: AllowlistCustomAlertRule, DenylistCustomAlertRule - _attribute_map = { - 'value': {'key': 'value', 'type': '[AppWhitelistingGroup]'}, - } + Variables are only populated by the server, and will be ignored when + sending a request. - def __init__(self, **kwargs): - super(AppWhitelistingGroups, self).__init__(**kwargs) - self.value = kwargs.get('value', None) + All required parameters must be populated in order to send to Azure. + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :ivar value_type: The value type of the items in the list. Possible values + include: 'IpCidr', 'String' + :vartype value_type: str or ~azure.mgmt.security.models.ValueType + """ -class AppWhitelistingIssueSummary(Model): - """Represents a summary of the alerts of the VM/server group. + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'value_type': {'readonly': True}, + } - :param issue: Possible values include: 'ViolationsAudited', - 'ViolationsBlocked', 'MsiAndScriptViolationsAudited', - 'MsiAndScriptViolationsBlocked', 'ExecutableViolationsAudited', - 'RulesViolatedManually' - :type issue: str or ~azure.mgmt.security.models.enum - :param number_of_vms: The number of machines in the VM/server group that - have this alert - :type number_of_vms: float + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'value_type': {'key': 'valueType', 'type': 'str'}, + } + + _subtype_map = { + 'rule_type': {'AllowlistCustomAlertRule': 'AllowlistCustomAlertRule', 'DenylistCustomAlertRule': 'DenylistCustomAlertRule'} + } + + def __init__(self, **kwargs): + super(ListCustomAlertRule, self).__init__(**kwargs) + self.value_type = None + self.rule_type = 'ListCustomAlertRule' + + +class AllowlistCustomAlertRule(ListCustomAlertRule): + """A custom alert rule that checks if a value (depends on the custom alert + type) is allowed. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: ConnectionToIpNotAllowed, LocalUserNotAllowed, + ProcessNotAllowed + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :ivar value_type: The value type of the items in the list. Possible values + include: 'IpCidr', 'String' + :vartype value_type: str or ~azure.mgmt.security.models.ValueType + :param allowlist_values: Required. The values to allow. The format of the + values depends on the rule type. + :type allowlist_values: list[str] """ + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'value_type': {'readonly': True}, + 'allowlist_values': {'required': True}, + } + _attribute_map = { - 'issue': {'key': 'issue', 'type': 'str'}, - 'number_of_vms': {'key': 'numberOfVms', 'type': 'float'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'value_type': {'key': 'valueType', 'type': 'str'}, + 'allowlist_values': {'key': 'allowlistValues', 'type': '[str]'}, + } + + _subtype_map = { + 'rule_type': {'ConnectionToIpNotAllowed': 'ConnectionToIpNotAllowed', 'LocalUserNotAllowed': 'LocalUserNotAllowed', 'ProcessNotAllowed': 'ProcessNotAllowed'} } def __init__(self, **kwargs): - super(AppWhitelistingIssueSummary, self).__init__(**kwargs) - self.issue = kwargs.get('issue', None) - self.number_of_vms = kwargs.get('number_of_vms', None) + super(AllowlistCustomAlertRule, self).__init__(**kwargs) + self.allowlist_values = kwargs.get('allowlist_values', None) + self.rule_type = 'AllowlistCustomAlertRule' + + +class AmqpC2DMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of cloud to device messages (AMQP protocol) is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, **kwargs): + super(AmqpC2DMessagesNotInAllowedRange, self).__init__(**kwargs) + self.rule_type = 'AmqpC2DMessagesNotInAllowedRange' + + +class AmqpC2DRejectedMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of rejected cloud to device messages (AMQP protocol) is not in + allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, **kwargs): + super(AmqpC2DRejectedMessagesNotInAllowedRange, self).__init__(**kwargs) + self.rule_type = 'AmqpC2DRejectedMessagesNotInAllowedRange' -class AppWhitelistingPutGroupData(Model): - """The altered data of the recommended VM/server group policy. +class AmqpD2CMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of device to cloud messages (AMQP protocol) is not in allowed range. - :param enforcement_mode: Possible values include: 'Audit', 'Enforce' + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, **kwargs): + super(AmqpD2CMessagesNotInAllowedRange, self).__init__(**kwargs) + self.rule_type = 'AmqpD2CMessagesNotInAllowedRange' + + +class AppWhitelistingGroup(Model): + """AppWhitelistingGroup. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar location: Location where the resource is stored + :vartype location: str + :param enforcement_mode: Possible values include: 'Audit', 'Enforce', + 'None' :type enforcement_mode: str or ~azure.mgmt.security.models.enum + :param protection_mode: + :type protection_mode: ~azure.mgmt.security.models.ProtectionMode + :ivar configuration_status: Possible values include: 'Configured', + 'NotConfigured', 'InProgress', 'Failed', 'NoStatus' + :vartype configuration_status: str or ~azure.mgmt.security.models.enum + :ivar recommendation_status: Possible values include: 'Recommended', + 'NotRecommended', 'NotAvailable', 'NoStatus' + :vartype recommendation_status: str or ~azure.mgmt.security.models.enum + :ivar issues: + :vartype issues: + list[~azure.mgmt.security.models.AppWhitelistingIssueSummary] + :ivar source_system: Possible values include: 'Azure_AppLocker', + 'Azure_AuditD', 'NonAzure_AppLocker', 'NonAzure_AuditD', 'None' + :vartype source_system: str or ~azure.mgmt.security.models.enum :param vm_recommendations: :type vm_recommendations: list[~azure.mgmt.security.models.VmRecommendation] @@ -618,19 +1178,89 @@ class AppWhitelistingPutGroupData(Model): list[~azure.mgmt.security.models.PathRecommendation] """ + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'location': {'readonly': True}, + 'configuration_status': {'readonly': True}, + 'recommendation_status': {'readonly': True}, + 'issues': {'readonly': True}, + 'source_system': {'readonly': True}, + } + _attribute_map = { - 'enforcement_mode': {'key': 'enforcementMode', 'type': 'str'}, - 'vm_recommendations': {'key': 'vmRecommendations', 'type': '[VmRecommendation]'}, - 'path_recommendations': {'key': 'pathRecommendations', 'type': '[PathRecommendation]'}, + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'location': {'key': 'location', 'type': 'str'}, + 'enforcement_mode': {'key': 'properties.enforcementMode', 'type': 'str'}, + 'protection_mode': {'key': 'properties.protectionMode', 'type': 'ProtectionMode'}, + 'configuration_status': {'key': 'properties.configurationStatus', 'type': 'str'}, + 'recommendation_status': {'key': 'properties.recommendationStatus', 'type': 'str'}, + 'issues': {'key': 'properties.issues', 'type': '[AppWhitelistingIssueSummary]'}, + 'source_system': {'key': 'properties.sourceSystem', 'type': 'str'}, + 'vm_recommendations': {'key': 'properties.vmRecommendations', 'type': '[VmRecommendation]'}, + 'path_recommendations': {'key': 'properties.pathRecommendations', 'type': '[PathRecommendation]'}, } def __init__(self, **kwargs): - super(AppWhitelistingPutGroupData, self).__init__(**kwargs) + super(AppWhitelistingGroup, self).__init__(**kwargs) + self.id = None + self.name = None + self.type = None + self.location = None self.enforcement_mode = kwargs.get('enforcement_mode', None) + self.protection_mode = kwargs.get('protection_mode', None) + self.configuration_status = None + self.recommendation_status = None + self.issues = None + self.source_system = None self.vm_recommendations = kwargs.get('vm_recommendations', None) self.path_recommendations = kwargs.get('path_recommendations', None) +class AppWhitelistingGroups(Model): + """Represents a list of VM/server groups and set of rules that are Recommended + by Azure Security Center to be allowed. + + :param value: + :type value: list[~azure.mgmt.security.models.AppWhitelistingGroup] + """ + + _attribute_map = { + 'value': {'key': 'value', 'type': '[AppWhitelistingGroup]'}, + } + + def __init__(self, **kwargs): + super(AppWhitelistingGroups, self).__init__(**kwargs) + self.value = kwargs.get('value', None) + + +class AppWhitelistingIssueSummary(Model): + """Represents a summary of the alerts of the VM/server group. + + :param issue: Possible values include: 'ViolationsAudited', + 'ViolationsBlocked', 'MsiAndScriptViolationsAudited', + 'MsiAndScriptViolationsBlocked', 'ExecutableViolationsAudited', + 'RulesViolatedManually' + :type issue: str or ~azure.mgmt.security.models.enum + :param number_of_vms: The number of machines in the VM/server group that + have this alert + :type number_of_vms: float + """ + + _attribute_map = { + 'issue': {'key': 'issue', 'type': 'str'}, + 'number_of_vms': {'key': 'numberOfVms', 'type': 'float'}, + } + + def __init__(self, **kwargs): + super(AppWhitelistingIssueSummary, self).__init__(**kwargs) + self.issue = kwargs.get('issue', None) + self.number_of_vms = kwargs.get('number_of_vms', None) + + class AscLocation(Resource): """The ASC location of the subscription is in the "name" field. @@ -665,6 +1295,60 @@ def __init__(self, **kwargs): self.properties = kwargs.get('properties', None) +class AssessmentLinks(Model): + """Links relevant to the assessment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar azure_portal_uri: Link to assessment in Azure Portal + :vartype azure_portal_uri: str + """ + + _validation = { + 'azure_portal_uri': {'readonly': True}, + } + + _attribute_map = { + 'azure_portal_uri': {'key': 'azurePortalUri', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AssessmentLinks, self).__init__(**kwargs) + self.azure_portal_uri = None + + +class AssessmentStatus(Model): + """The result of the assessment. + + All required parameters must be populated in order to send to Azure. + + :param code: Required. Programmatic code for the status of the assessment. + Possible values include: 'Healthy', 'Unhealthy', 'NotApplicable' + :type code: str or ~azure.mgmt.security.models.AssessmentStatusCode + :param cause: Programmatic code for the cause of the assessment status + :type cause: str + :param description: Human readable description of the assessment status + :type description: str + """ + + _validation = { + 'code': {'required': True}, + } + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'cause': {'key': 'cause', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AssessmentStatus, self).__init__(**kwargs) + self.code = kwargs.get('code', None) + self.cause = kwargs.get('cause', None) + self.description = kwargs.get('description', None) + + class AtaExternalSecuritySolution(ExternalSecuritySolution): """Represents an ATA security solution which sends logs to an OMS workspace. @@ -768,45 +1452,508 @@ def __init__(self, **kwargs): self.last_event_received = kwargs.get('last_event_received', None) -class AutoProvisioningSetting(Resource): - """Auto provisioning setting. +class TrackedResource(Model): + """Describes an Azure tracked resource. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Resource Id :vartype id: str :ivar name: Resource name :vartype name: str :ivar type: Resource type :vartype type: str - :param auto_provision: Required. Describes what kind of security agent - provisioning action to take. Possible values include: 'On', 'Off' - :type auto_provision: str or ~azure.mgmt.security.models.AutoProvision + :ivar location: Location where the resource is stored + :vartype location: str + :param kind: Kind of the resource + :type kind: str + :param etag: Entity tag is used for comparing two or more entities from + the same requested resource. + :type etag: str + :param tags: A list of key value pairs that describe the resource. + :type tags: dict[str, str] """ _validation = { 'id': {'readonly': True}, 'name': {'readonly': True}, 'type': {'readonly': True}, - 'auto_provision': {'required': True}, + 'location': {'readonly': True}, } _attribute_map = { 'id': {'key': 'id', 'type': 'str'}, 'name': {'key': 'name', 'type': 'str'}, 'type': {'key': 'type', 'type': 'str'}, - 'auto_provision': {'key': 'properties.autoProvision', 'type': 'str'}, + 'location': {'key': 'location', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'tags': {'key': 'tags', 'type': '{str}'}, } def __init__(self, **kwargs): - super(AutoProvisioningSetting, self).__init__(**kwargs) - self.auto_provision = kwargs.get('auto_provision', None) + super(TrackedResource, self).__init__(**kwargs) + self.id = None + self.name = None + self.type = None + self.location = None + self.kind = kwargs.get('kind', None) + self.etag = kwargs.get('etag', None) + self.tags = kwargs.get('tags', None) -class CefExternalSecuritySolution(ExternalSecuritySolution): +class Automation(TrackedResource): + """The security automation resource. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar location: Location where the resource is stored + :vartype location: str + :param kind: Kind of the resource + :type kind: str + :param etag: Entity tag is used for comparing two or more entities from + the same requested resource. + :type etag: str + :param tags: A list of key value pairs that describe the resource. + :type tags: dict[str, str] + :param description: The security automation description. + :type description: str + :param is_enabled: Indicates whether the security automation is enabled. + :type is_enabled: bool + :param scopes: A collection of scopes on which the security automations + logic is applied. Supported scopes are the subscription itself or a + resource group under that subscription. The automation will only apply on + defined scopes. + :type scopes: list[~azure.mgmt.security.models.AutomationScope] + :param sources: A collection of the source event types which evaluate the + security automation set of rules. + :type sources: list[~azure.mgmt.security.models.AutomationSource] + :param actions: A collection of the actions which are triggered if all the + configured rules evaluations, within at least one rule set, are true. + :type actions: list[~azure.mgmt.security.models.AutomationAction] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'location': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'location': {'key': 'location', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'is_enabled': {'key': 'properties.isEnabled', 'type': 'bool'}, + 'scopes': {'key': 'properties.scopes', 'type': '[AutomationScope]'}, + 'sources': {'key': 'properties.sources', 'type': '[AutomationSource]'}, + 'actions': {'key': 'properties.actions', 'type': '[AutomationAction]'}, + } + + def __init__(self, **kwargs): + super(Automation, self).__init__(**kwargs) + self.description = kwargs.get('description', None) + self.is_enabled = kwargs.get('is_enabled', None) + self.scopes = kwargs.get('scopes', None) + self.sources = kwargs.get('sources', None) + self.actions = kwargs.get('actions', None) + + +class AutomationAction(Model): + """The action that should be triggered. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: AutomationActionLogicApp, AutomationActionEventHub, + AutomationActionWorkspace + + All required parameters must be populated in order to send to Azure. + + :param action_type: Required. Constant filled by server. + :type action_type: str + """ + + _validation = { + 'action_type': {'required': True}, + } + + _attribute_map = { + 'action_type': {'key': 'actionType', 'type': 'str'}, + } + + _subtype_map = { + 'action_type': {'LogicApp': 'AutomationActionLogicApp', 'EventHub': 'AutomationActionEventHub', 'Workspace': 'AutomationActionWorkspace'} + } + + def __init__(self, **kwargs): + super(AutomationAction, self).__init__(**kwargs) + self.action_type = None + + +class AutomationActionEventHub(AutomationAction): + """The target Event Hub to which event data will be exported. To learn more + about Security Center continuous export capabilities, visit + https://aka.ms/ASCExportLearnMore. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param action_type: Required. Constant filled by server. + :type action_type: str + :param event_hub_resource_id: The target Event Hub Azure Resource ID. + :type event_hub_resource_id: str + :ivar sas_policy_name: The target Event Hub SAS policy name. + :vartype sas_policy_name: str + :param connection_string: The target Event Hub connection string (it will + not be included in any response). + :type connection_string: str + """ + + _validation = { + 'action_type': {'required': True}, + 'sas_policy_name': {'readonly': True}, + } + + _attribute_map = { + 'action_type': {'key': 'actionType', 'type': 'str'}, + 'event_hub_resource_id': {'key': 'eventHubResourceId', 'type': 'str'}, + 'sas_policy_name': {'key': 'sasPolicyName', 'type': 'str'}, + 'connection_string': {'key': 'connectionString', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AutomationActionEventHub, self).__init__(**kwargs) + self.event_hub_resource_id = kwargs.get('event_hub_resource_id', None) + self.sas_policy_name = None + self.connection_string = kwargs.get('connection_string', None) + self.action_type = 'EventHub' + + +class AutomationActionLogicApp(AutomationAction): + """The logic app action that should be triggered. To learn more about Security + Center's Workflow Automation capabilities, visit + https://aka.ms/ASCWorkflowAutomationLearnMore. + + All required parameters must be populated in order to send to Azure. + + :param action_type: Required. Constant filled by server. + :type action_type: str + :param logic_app_resource_id: The triggered Logic App Azure Resource ID. + This can also reside on other subscriptions, given that you have + permissions to trigger the Logic App + :type logic_app_resource_id: str + :param uri: The Logic App trigger URI endpoint (it will not be included in + any response). + :type uri: str + """ + + _validation = { + 'action_type': {'required': True}, + } + + _attribute_map = { + 'action_type': {'key': 'actionType', 'type': 'str'}, + 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + 'uri': {'key': 'uri', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AutomationActionLogicApp, self).__init__(**kwargs) + self.logic_app_resource_id = kwargs.get('logic_app_resource_id', None) + self.uri = kwargs.get('uri', None) + self.action_type = 'LogicApp' + + +class AutomationActionWorkspace(AutomationAction): + """The Log Analytics Workspace to which event data will be exported. Security + alerts data will reside in the 'SecurityAlert' table and the assessments + data will reside in the 'SecurityRecommendation' table (under the + 'Security'/'SecurityCenterFree' solutions). Note that in order to view the + data in the workspace, the Security Center Log Analytics free/standard + solution needs to be enabled on that workspace. To learn more about + Security Center continuous export capabilities, visit + https://aka.ms/ASCExportLearnMore. + + All required parameters must be populated in order to send to Azure. + + :param action_type: Required. Constant filled by server. + :type action_type: str + :param workspace_resource_id: The fully qualified Log Analytics Workspace + Azure Resource ID. + :type workspace_resource_id: str + """ + + _validation = { + 'action_type': {'required': True}, + } + + _attribute_map = { + 'action_type': {'key': 'actionType', 'type': 'str'}, + 'workspace_resource_id': {'key': 'workspaceResourceId', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AutomationActionWorkspace, self).__init__(**kwargs) + self.workspace_resource_id = kwargs.get('workspace_resource_id', None) + self.action_type = 'Workspace' + + +class AutomationRuleSet(Model): + """A rule set which evaluates all its rules upon an event interception. Only + when all the included rules in the rule set will be evaluated as 'true', + will the event trigger the defined actions. + + :param rules: + :type rules: list[~azure.mgmt.security.models.AutomationTriggeringRule] + """ + + _attribute_map = { + 'rules': {'key': 'rules', 'type': '[AutomationTriggeringRule]'}, + } + + def __init__(self, **kwargs): + super(AutomationRuleSet, self).__init__(**kwargs) + self.rules = kwargs.get('rules', None) + + +class AutomationScope(Model): + """A single automation scope. + + :param description: The resources scope description. + :type description: str + :param scope_path: The resources scope path. Can be the subscription on + which the automation is defined on or a resource group under that + subscription (fully qualified Azure resource IDs). + :type scope_path: str + """ + + _attribute_map = { + 'description': {'key': 'description', 'type': 'str'}, + 'scope_path': {'key': 'scopePath', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AutomationScope, self).__init__(**kwargs) + self.description = kwargs.get('description', None) + self.scope_path = kwargs.get('scope_path', None) + + +class AutomationSource(Model): + """The source event types which evaluate the security automation set of rules. + For example - security alerts and security assessments. To learn more about + the supported security events data models schemas - please visit + https://aka.ms/ASCAutomationSchemas. + + :param event_source: A valid event source type. Possible values include: + 'Assessments', 'Alerts' + :type event_source: str or ~azure.mgmt.security.models.EventSource + :param rule_sets: A set of rules which evaluate upon event interception. A + logical disjunction is applied between defined rule sets (logical 'or'). + :type rule_sets: list[~azure.mgmt.security.models.AutomationRuleSet] + """ + + _attribute_map = { + 'event_source': {'key': 'eventSource', 'type': 'str'}, + 'rule_sets': {'key': 'ruleSets', 'type': '[AutomationRuleSet]'}, + } + + def __init__(self, **kwargs): + super(AutomationSource, self).__init__(**kwargs) + self.event_source = kwargs.get('event_source', None) + self.rule_sets = kwargs.get('rule_sets', None) + + +class AutomationTriggeringRule(Model): + """A rule which is evaluated upon event interception. The rule is configured + by comparing a specific value from the event model to an expected value. + This comparison is done by using one of the supported operators set. + + :param property_jpath: The JPath of the entity model property that should + be checked. + :type property_jpath: str + :param property_type: The data type of the compared operands (string, + integer, floating point number or a boolean [true/false]]. Possible values + include: 'String', 'Integer', 'Number', 'Boolean' + :type property_type: str or ~azure.mgmt.security.models.PropertyType + :param expected_value: The expected value. + :type expected_value: str + :param operator: A valid comparer operator to use. A case-insensitive + comparison will be applied for String PropertyType. Possible values + include: 'Equals', 'GreaterThan', 'GreaterThanOrEqualTo', 'LesserThan', + 'LesserThanOrEqualTo', 'NotEquals', 'Contains', 'StartsWith', 'EndsWith' + :type operator: str or ~azure.mgmt.security.models.Operator + """ + + _attribute_map = { + 'property_jpath': {'key': 'propertyJPath', 'type': 'str'}, + 'property_type': {'key': 'propertyType', 'type': 'str'}, + 'expected_value': {'key': 'expectedValue', 'type': 'str'}, + 'operator': {'key': 'operator', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AutomationTriggeringRule, self).__init__(**kwargs) + self.property_jpath = kwargs.get('property_jpath', None) + self.property_type = kwargs.get('property_type', None) + self.expected_value = kwargs.get('expected_value', None) + self.operator = kwargs.get('operator', None) + + +class AutomationValidationStatus(Model): + """The security automation model state property bag. + + :param is_valid: Indicates whether the model is valid or not. + :type is_valid: bool + :param message: The validation message. + :type message: str + """ + + _attribute_map = { + 'is_valid': {'key': 'isValid', 'type': 'bool'}, + 'message': {'key': 'message', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AutomationValidationStatus, self).__init__(**kwargs) + self.is_valid = kwargs.get('is_valid', None) + self.message = kwargs.get('message', None) + + +class AutoProvisioningSetting(Resource): + """Auto provisioning setting. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :param auto_provision: Required. Describes what kind of security agent + provisioning action to take. Possible values include: 'On', 'Off' + :type auto_provision: str or ~azure.mgmt.security.models.AutoProvision + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'auto_provision': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'auto_provision': {'key': 'properties.autoProvision', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AutoProvisioningSetting, self).__init__(**kwargs) + self.auto_provision = kwargs.get('auto_provision', None) + + +class ResourceDetails(Model): + """Details of the resource that was assessed. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: OnPremiseResourceDetails, AzureResourceDetails + + All required parameters must be populated in order to send to Azure. + + :param source: Required. Constant filled by server. + :type source: str + """ + + _validation = { + 'source': {'required': True}, + } + + _attribute_map = { + 'source': {'key': 'source', 'type': 'str'}, + } + + _subtype_map = { + 'source': {'OnPremise': 'OnPremiseResourceDetails', 'Azure': 'AzureResourceDetails'} + } + + def __init__(self, **kwargs): + super(ResourceDetails, self).__init__(**kwargs) + self.source = None + + +class AzureResourceDetails(ResourceDetails): + """Details of the Azure resource that was assessed. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param source: Required. Constant filled by server. + :type source: str + :ivar id: Azure resource Id of the assessed resource + :vartype id: str + """ + + _validation = { + 'source': {'required': True}, + 'id': {'readonly': True}, + } + + _attribute_map = { + 'source': {'key': 'source', 'type': 'str'}, + 'id': {'key': 'id', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AzureResourceDetails, self).__init__(**kwargs) + self.id = None + self.source = 'Azure' + + +class AzureResourceLink(Model): + """Describes an Azure resource with kind. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Azure resource Id + :vartype id: str + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(AzureResourceLink, self).__init__(**kwargs) + self.id = None + + +class CefExternalSecuritySolution(ExternalSecuritySolution): """Represents a security solution which sends CEF logs to an OMS workspace. Variables are only populated by the server, and will be ignored when @@ -1134,31 +2281,199 @@ def __init__(self, **kwargs): self.id = kwargs.get('id', None) -class SettingResource(Resource): - """The kind of the security setting. +class ConnectionToIpNotAllowed(AllowlistCustomAlertRule): + """Outbound connection to an ip that isn't allowed. Allow list consists of + ipv4 or ipv6 range in CIDR notation. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar id: Resource Id - :vartype id: str - :ivar name: Resource name - :vartype name: str - :ivar type: Resource type - :vartype type: str - :param kind: Required. the kind of the settings string - (DataExportSetting). Possible values include: 'DataExportSetting', - 'AlertSuppressionSetting' - :type kind: str or ~azure.mgmt.security.models.SettingKind + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :ivar value_type: The value type of the items in the list. Possible values + include: 'IpCidr', 'String' + :vartype value_type: str or ~azure.mgmt.security.models.ValueType + :param allowlist_values: Required. The values to allow. The format of the + values depends on the rule type. + :type allowlist_values: list[str] """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'kind': {'required': True}, + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'value_type': {'readonly': True}, + 'allowlist_values': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'value_type': {'key': 'valueType', 'type': 'str'}, + 'allowlist_values': {'key': 'allowlistValues', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(ConnectionToIpNotAllowed, self).__init__(**kwargs) + self.rule_type = 'ConnectionToIpNotAllowed' + + +class ContainerRegistryVulnerabilityProperties(AdditionalData): + """Additional context fields for container registry Vulnerability assessment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param assessed_resource_type: Required. Constant filled by server. + :type assessed_resource_type: str + :ivar type: Vulnerability Type. e.g: Vulnerability, Potential + Vulnerability, Information Gathered, Vulnerability + :vartype type: str + :ivar cvss: Dictionary from cvss version to cvss details object + :vartype cvss: dict[str, ~azure.mgmt.security.models.CVSS] + :ivar patchable: Indicates whether a patch is available or not + :vartype patchable: bool + :ivar cve: List of CVEs + :vartype cve: list[~azure.mgmt.security.models.CVE] + :ivar published_time: Published time + :vartype published_time: datetime + :ivar vendor_references: + :vartype vendor_references: + list[~azure.mgmt.security.models.VendorReference] + :ivar repository_name: Name of the repository which the vulnerable image + belongs to + :vartype repository_name: str + :ivar image_digest: Digest of the vulnerable image + :vartype image_digest: str + """ + + _validation = { + 'assessed_resource_type': {'required': True}, + 'type': {'readonly': True}, + 'cvss': {'readonly': True}, + 'patchable': {'readonly': True}, + 'cve': {'readonly': True}, + 'published_time': {'readonly': True}, + 'vendor_references': {'readonly': True}, + 'repository_name': {'readonly': True}, + 'image_digest': {'readonly': True}, + } + + _attribute_map = { + 'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'cvss': {'key': 'cvss', 'type': '{CVSS}'}, + 'patchable': {'key': 'patchable', 'type': 'bool'}, + 'cve': {'key': 'cve', 'type': '[CVE]'}, + 'published_time': {'key': 'publishedTime', 'type': 'iso-8601'}, + 'vendor_references': {'key': 'vendorReferences', 'type': '[VendorReference]'}, + 'repository_name': {'key': 'repositoryName', 'type': 'str'}, + 'image_digest': {'key': 'imageDigest', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ContainerRegistryVulnerabilityProperties, self).__init__(**kwargs) + self.type = None + self.cvss = None + self.patchable = None + self.cve = None + self.published_time = None + self.vendor_references = None + self.repository_name = None + self.image_digest = None + self.assessed_resource_type = 'ContainerRegistryVulnerability' + + +class CVE(Model): + """CVE details. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar title: CVE title + :vartype title: str + :ivar link: Link url + :vartype link: str + """ + + _validation = { + 'title': {'readonly': True}, + 'link': {'readonly': True}, + } + + _attribute_map = { + 'title': {'key': 'title', 'type': 'str'}, + 'link': {'key': 'link', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(CVE, self).__init__(**kwargs) + self.title = None + self.link = None + + +class CVSS(Model): + """CVSS details. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar base: CVSS base + :vartype base: float + """ + + _validation = { + 'base': {'readonly': True}, + } + + _attribute_map = { + 'base': {'key': 'base', 'type': 'float'}, + } + + def __init__(self, **kwargs): + super(CVSS, self).__init__(**kwargs) + self.base = None + + +class SettingResource(Resource): + """The kind of the security setting. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: Setting + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :param kind: Required. Constant filled by server. + :type kind: str + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'kind': {'required': True}, } _attribute_map = { @@ -1168,14 +2483,22 @@ class SettingResource(Resource): 'kind': {'key': 'kind', 'type': 'str'}, } + _subtype_map = { + 'kind': {'Setting': 'Setting'} + } + def __init__(self, **kwargs): super(SettingResource, self).__init__(**kwargs) - self.kind = kwargs.get('kind', None) + self.kind = None + self.kind = 'SettingResource' class Setting(SettingResource): """Represents a security setting in Azure Security Center. + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: DataExportSettings + Variables are only populated by the server, and will be ignored when sending a request. @@ -1187,10 +2510,8 @@ class Setting(SettingResource): :vartype name: str :ivar type: Resource type :vartype type: str - :param kind: Required. the kind of the settings string - (DataExportSetting). Possible values include: 'DataExportSetting', - 'AlertSuppressionSetting' - :type kind: str or ~azure.mgmt.security.models.SettingKind + :param kind: Required. Constant filled by server. + :type kind: str """ _validation = { @@ -1207,11 +2528,16 @@ class Setting(SettingResource): 'kind': {'key': 'kind', 'type': 'str'}, } + _subtype_map = { + 'kind': {'DataExportSettings': 'DataExportSettings'} + } + def __init__(self, **kwargs): super(Setting, self).__init__(**kwargs) + self.kind = 'Setting' -class DataExportSetting(Setting): +class DataExportSettings(Setting): """Represents a data export setting. Variables are only populated by the server, and will be ignored when @@ -1225,10 +2551,8 @@ class DataExportSetting(Setting): :vartype name: str :ivar type: Resource type :vartype type: str - :param kind: Required. the kind of the settings string - (DataExportSetting). Possible values include: 'DataExportSetting', - 'AlertSuppressionSetting' - :type kind: str or ~azure.mgmt.security.models.SettingKind + :param kind: Required. Constant filled by server. + :type kind: str :param enabled: Required. Is the data export setting is enabled :type enabled: bool """ @@ -1250,8 +2574,157 @@ class DataExportSetting(Setting): } def __init__(self, **kwargs): - super(DataExportSetting, self).__init__(**kwargs) + super(DataExportSettings, self).__init__(**kwargs) self.enabled = kwargs.get('enabled', None) + self.kind = 'DataExportSettings' + + +class DenylistCustomAlertRule(ListCustomAlertRule): + """A custom alert rule that checks if a value (depends on the custom alert + type) is denied. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :ivar value_type: The value type of the items in the list. Possible values + include: 'IpCidr', 'String' + :vartype value_type: str or ~azure.mgmt.security.models.ValueType + :param denylist_values: Required. The values to deny. The format of the + values depends on the rule type. + :type denylist_values: list[str] + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'value_type': {'readonly': True}, + 'denylist_values': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'value_type': {'key': 'valueType', 'type': 'str'}, + 'denylist_values': {'key': 'denylistValues', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(DenylistCustomAlertRule, self).__init__(**kwargs) + self.denylist_values = kwargs.get('denylist_values', None) + self.rule_type = 'DenylistCustomAlertRule' + + +class DeviceSecurityGroup(Resource): + """The device security group resource. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :param threshold_rules: The list of custom alert threshold rules. + :type threshold_rules: + list[~azure.mgmt.security.models.ThresholdCustomAlertRule] + :param time_window_rules: The list of custom alert time-window rules. + :type time_window_rules: + list[~azure.mgmt.security.models.TimeWindowCustomAlertRule] + :param allowlist_rules: The allow-list custom alert rules. + :type allowlist_rules: + list[~azure.mgmt.security.models.AllowlistCustomAlertRule] + :param denylist_rules: The deny-list custom alert rules. + :type denylist_rules: + list[~azure.mgmt.security.models.DenylistCustomAlertRule] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'threshold_rules': {'key': 'properties.thresholdRules', 'type': '[ThresholdCustomAlertRule]'}, + 'time_window_rules': {'key': 'properties.timeWindowRules', 'type': '[TimeWindowCustomAlertRule]'}, + 'allowlist_rules': {'key': 'properties.allowlistRules', 'type': '[AllowlistCustomAlertRule]'}, + 'denylist_rules': {'key': 'properties.denylistRules', 'type': '[DenylistCustomAlertRule]'}, + } + + def __init__(self, **kwargs): + super(DeviceSecurityGroup, self).__init__(**kwargs) + self.threshold_rules = kwargs.get('threshold_rules', None) + self.time_window_rules = kwargs.get('time_window_rules', None) + self.allowlist_rules = kwargs.get('allowlist_rules', None) + self.denylist_rules = kwargs.get('denylist_rules', None) + + +class DirectMethodInvokesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of direct method invokes is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, **kwargs): + super(DirectMethodInvokesNotInAllowedRange, self).__init__(**kwargs) + self.rule_type = 'DirectMethodInvokesNotInAllowedRange' class DiscoveredSecuritySolution(Model): @@ -1315,6 +2788,45 @@ def __init__(self, **kwargs): self.sku = kwargs.get('sku', None) +class EffectiveNetworkSecurityGroups(Model): + """Describes the Network Security Groups effective on a network interface. + + :param network_interface: The Azure resource ID of the network interface + :type network_interface: str + :param network_security_groups: The Network Security Groups effective on + the network interface + :type network_security_groups: list[str] + """ + + _attribute_map = { + 'network_interface': {'key': 'networkInterface', 'type': 'str'}, + 'network_security_groups': {'key': 'networkSecurityGroups', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(EffectiveNetworkSecurityGroups, self).__init__(**kwargs) + self.network_interface = kwargs.get('network_interface', None) + self.network_security_groups = kwargs.get('network_security_groups', None) + + +class ETag(Model): + """Entity tag is used for comparing two or more entities from the same + requested resource. + + :param etag: Entity tag is used for comparing two or more entities from + the same requested resource. + :type etag: str + """ + + _attribute_map = { + 'etag': {'key': 'etag', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ETag, self).__init__(**kwargs) + self.etag = kwargs.get('etag', None) + + class ExternalSecuritySolutionKind1(Model): """Describes an Azure resource with kind. @@ -1333,76 +2845,327 @@ def __init__(self, **kwargs): self.kind = kwargs.get('kind', None) -class InformationProtectionKeyword(Model): - """The information type keyword. +class FailedLocalLoginsNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of failed local logins is not in allowed range. - :param pattern: The keyword pattern. - :type pattern: str - :param custom: Indicates whether the keyword is custom or not. - :type custom: bool - :param can_be_numeric: Indicates whether the keyword can be applied on - numeric types or not. - :type can_be_numeric: bool - :param excluded: Indicates whether the keyword is excluded or not. - :type excluded: bool + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta """ + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + _attribute_map = { - 'pattern': {'key': 'pattern', 'type': 'str'}, - 'custom': {'key': 'custom', 'type': 'bool'}, - 'can_be_numeric': {'key': 'canBeNumeric', 'type': 'bool'}, - 'excluded': {'key': 'excluded', 'type': 'bool'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, } def __init__(self, **kwargs): - super(InformationProtectionKeyword, self).__init__(**kwargs) - self.pattern = kwargs.get('pattern', None) - self.custom = kwargs.get('custom', None) - self.can_be_numeric = kwargs.get('can_be_numeric', None) - self.excluded = kwargs.get('excluded', None) + super(FailedLocalLoginsNotInAllowedRange, self).__init__(**kwargs) + self.rule_type = 'FailedLocalLoginsNotInAllowedRange' -class InformationProtectionPolicy(Resource): - """Information protection policy. +class FileUploadsNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of file uploads is not in allowed range. Variables are only populated by the server, and will be ignored when sending a request. - :ivar id: Resource Id - :vartype id: str - :ivar name: Resource name - :vartype name: str - :ivar type: Resource type - :vartype type: str - :ivar last_modified_utc: Describes the last UTC time the policy was - modified. - :vartype last_modified_utc: datetime - :param labels: Dictionary of sensitivity labels. - :type labels: dict[str, ~azure.mgmt.security.models.SensitivityLabel] - :param information_types: The sensitivity information types. - :type information_types: dict[str, - ~azure.mgmt.security.models.InformationType] + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'last_modified_utc': {'readonly': True}, + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, - 'labels': {'key': 'properties.labels', 'type': '{SensitivityLabel}'}, - 'information_types': {'key': 'properties.informationTypes', 'type': '{InformationType}'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, } def __init__(self, **kwargs): - super(InformationProtectionPolicy, self).__init__(**kwargs) + super(FileUploadsNotInAllowedRange, self).__init__(**kwargs) + self.rule_type = 'FileUploadsNotInAllowedRange' + + +class HttpC2DMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of cloud to device messages (HTTP protocol) is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, **kwargs): + super(HttpC2DMessagesNotInAllowedRange, self).__init__(**kwargs) + self.rule_type = 'HttpC2DMessagesNotInAllowedRange' + + +class HttpC2DRejectedMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of rejected cloud to device messages (HTTP protocol) is not in + allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, **kwargs): + super(HttpC2DRejectedMessagesNotInAllowedRange, self).__init__(**kwargs) + self.rule_type = 'HttpC2DRejectedMessagesNotInAllowedRange' + + +class HttpD2CMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of device to cloud messages (HTTP protocol) is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, **kwargs): + super(HttpD2CMessagesNotInAllowedRange, self).__init__(**kwargs) + self.rule_type = 'HttpD2CMessagesNotInAllowedRange' + + +class InformationProtectionKeyword(Model): + """The information type keyword. + + :param pattern: The keyword pattern. + :type pattern: str + :param custom: Indicates whether the keyword is custom or not. + :type custom: bool + :param can_be_numeric: Indicates whether the keyword can be applied on + numeric types or not. + :type can_be_numeric: bool + :param excluded: Indicates whether the keyword is excluded or not. + :type excluded: bool + """ + + _attribute_map = { + 'pattern': {'key': 'pattern', 'type': 'str'}, + 'custom': {'key': 'custom', 'type': 'bool'}, + 'can_be_numeric': {'key': 'canBeNumeric', 'type': 'bool'}, + 'excluded': {'key': 'excluded', 'type': 'bool'}, + } + + def __init__(self, **kwargs): + super(InformationProtectionKeyword, self).__init__(**kwargs) + self.pattern = kwargs.get('pattern', None) + self.custom = kwargs.get('custom', None) + self.can_be_numeric = kwargs.get('can_be_numeric', None) + self.excluded = kwargs.get('excluded', None) + + +class InformationProtectionPolicy(Resource): + """Information protection policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar last_modified_utc: Describes the last UTC time the policy was + modified. + :vartype last_modified_utc: datetime + :ivar version: Describes the version of the policy. + :vartype version: str + :param labels: Dictionary of sensitivity labels. + :type labels: dict[str, ~azure.mgmt.security.models.SensitivityLabel] + :param information_types: The sensitivity information types. + :type information_types: dict[str, + ~azure.mgmt.security.models.InformationType] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'last_modified_utc': {'readonly': True}, + 'version': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + 'version': {'key': 'properties.version', 'type': 'str'}, + 'labels': {'key': 'properties.labels', 'type': '{SensitivityLabel}'}, + 'information_types': {'key': 'properties.informationTypes', 'type': '{InformationType}'}, + } + + def __init__(self, **kwargs): + super(InformationProtectionPolicy, self).__init__(**kwargs) self.last_modified_utc = None + self.version = None self.labels = kwargs.get('labels', None) self.information_types = kwargs.get('information_types', None) @@ -1412,8 +3175,10 @@ class InformationType(Model): :param display_name: The name of the information type. :type display_name: str + :param description: The description of the information type. + :type description: str :param order: The order of the information type. - :type order: float + :type order: int :param recommended_label_id: The recommended label id to be associated with this information type. :type recommended_label_id: str @@ -1428,7 +3193,8 @@ class InformationType(Model): _attribute_map = { 'display_name': {'key': 'displayName', 'type': 'str'}, - 'order': {'key': 'order', 'type': 'float'}, + 'description': {'key': 'description', 'type': 'str'}, + 'order': {'key': 'order', 'type': 'int'}, 'recommended_label_id': {'key': 'recommendedLabelId', 'type': 'str'}, 'enabled': {'key': 'enabled', 'type': 'bool'}, 'custom': {'key': 'custom', 'type': 'bool'}, @@ -1438,6 +3204,7 @@ class InformationType(Model): def __init__(self, **kwargs): super(InformationType, self).__init__(**kwargs) self.display_name = kwargs.get('display_name', None) + self.description = kwargs.get('description', None) self.order = kwargs.get('order', None) self.recommended_label_id = kwargs.get('recommended_label_id', None) self.enabled = kwargs.get('enabled', None) @@ -1459,36 +3226,39 @@ class IoTSecurityAggregatedAlert(Model): :vartype type: str :param tags: Resource tags :type tags: dict[str, str] - :ivar alert_type: Name of the alert type + :ivar alert_type: Name of the alert type. :vartype alert_type: str - :ivar alert_display_name: Display name of the alert type + :ivar alert_display_name: Display name of the alert type. :vartype alert_display_name: str - :ivar aggregated_date_utc: The date the incidents were detected by the - vendor + :ivar aggregated_date_utc: Date of detection. :vartype aggregated_date_utc: date - :ivar vendor_name: Name of the vendor that discovered the incident + :ivar vendor_name: Name of the organization that raised the alert. :vartype vendor_name: str - :ivar reported_severity: Estimated severity of this alert. Possible values - include: 'Informational', 'Low', 'Medium', 'High' + :ivar reported_severity: Assessed alert severity. Possible values include: + 'Informational', 'Low', 'Medium', 'High' :vartype reported_severity: str or ~azure.mgmt.security.models.ReportedSeverity - :ivar remediation_steps: Recommended steps for remediation + :ivar remediation_steps: Recommended steps for remediation. :vartype remediation_steps: str - :ivar description: Description of the incident and what it means + :ivar description: Description of the suspected vulnerability and meaning. :vartype description: str - :ivar count: Occurrence number of the alert within the aggregated date + :ivar count: Number of alerts occurrences within the aggregated time + window. :vartype count: int - :ivar effected_resource_type: Azure resource ID of the resource that got - the alerts + :ivar effected_resource_type: Azure resource ID of the resource that + received the alerts. :vartype effected_resource_type: str - :ivar system_source: The type of the alerted resource (Azure, Non-Azure) + :ivar system_source: The type of the alerted resource (Azure, Non-Azure). :vartype system_source: str - :ivar action_taken: The action that was taken as a response to the alert - (Active, Blocked etc.) + :ivar action_taken: IoT Security solution alert response. :vartype action_taken: str - :ivar log_analytics_query: query in log analytics to get the list of - affected devices/alerts + :ivar log_analytics_query: Log analytics query for getting the list of + affected devices/alerts. :vartype log_analytics_query: str + :ivar top_devices_list: 10 devices with the highest number of occurrences + of this alert type, on this day. + :vartype top_devices_list: + list[~azure.mgmt.security.models.IoTSecurityAggregatedAlertPropertiesTopDevicesListItem] """ _validation = { @@ -1507,6 +3277,7 @@ class IoTSecurityAggregatedAlert(Model): 'system_source': {'readonly': True}, 'action_taken': {'readonly': True}, 'log_analytics_query': {'readonly': True}, + 'top_devices_list': {'readonly': True}, } _attribute_map = { @@ -1526,6 +3297,7 @@ class IoTSecurityAggregatedAlert(Model): 'system_source': {'key': 'properties.systemSource', 'type': 'str'}, 'action_taken': {'key': 'properties.actionTaken', 'type': 'str'}, 'log_analytics_query': {'key': 'properties.logAnalyticsQuery', 'type': 'str'}, + 'top_devices_list': {'key': 'properties.topDevicesList', 'type': '[IoTSecurityAggregatedAlertPropertiesTopDevicesListItem]'}, } def __init__(self, **kwargs): @@ -1546,10 +3318,45 @@ def __init__(self, **kwargs): self.system_source = None self.action_taken = None self.log_analytics_query = None + self.top_devices_list = None + + +class IoTSecurityAggregatedAlertPropertiesTopDevicesListItem(Model): + """IoTSecurityAggregatedAlertPropertiesTopDevicesListItem. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar device_id: Name of the device. + :vartype device_id: str + :ivar alerts_count: Number of alerts raised for this device. + :vartype alerts_count: int + :ivar last_occurrence: Most recent time this alert was raised for this + device, on this day. + :vartype last_occurrence: str + """ + + _validation = { + 'device_id': {'readonly': True}, + 'alerts_count': {'readonly': True}, + 'last_occurrence': {'readonly': True}, + } + + _attribute_map = { + 'device_id': {'key': 'deviceId', 'type': 'str'}, + 'alerts_count': {'key': 'alertsCount', 'type': 'int'}, + 'last_occurrence': {'key': 'lastOccurrence', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(IoTSecurityAggregatedAlertPropertiesTopDevicesListItem, self).__init__(**kwargs) + self.device_id = None + self.alerts_count = None + self.last_occurrence = None class IoTSecurityAggregatedRecommendation(Model): - """Security Solution Recommendation Information. + """IoT Security solution recommendation information. Variables are only populated by the server, and will be ignored when sending a request. @@ -1562,31 +3369,31 @@ class IoTSecurityAggregatedRecommendation(Model): :vartype type: str :param tags: Resource tags :type tags: dict[str, str] - :param recommendation_name: Name of the recommendation + :param recommendation_name: Name of the recommendation. :type recommendation_name: str :ivar recommendation_display_name: Display name of the recommendation type. :vartype recommendation_display_name: str - :ivar description: Description of the incident and what it means + :ivar description: Description of the suspected vulnerability and meaning. :vartype description: str - :ivar recommendation_type_id: The recommendation-type GUID. + :ivar recommendation_type_id: Recommendation-type GUID. :vartype recommendation_type_id: str - :ivar detected_by: Name of the vendor that discovered the issue + :ivar detected_by: Name of the organization that made the recommendation. :vartype detected_by: str :ivar remediation_steps: Recommended steps for remediation :vartype remediation_steps: str - :ivar reported_severity: Estimated severity of this recommendation. - Possible values include: 'Informational', 'Low', 'Medium', 'High' + :ivar reported_severity: Assessed recommendation severity. Possible values + include: 'Informational', 'Low', 'Medium', 'High' :vartype reported_severity: str or ~azure.mgmt.security.models.ReportedSeverity - :ivar healthy_devices: the number of the healthy devices within the - solution + :ivar healthy_devices: Number of healthy devices within the IoT Security + solution. :vartype healthy_devices: int - :ivar unhealthy_device_count: the number of the unhealthy devices within - the solution + :ivar unhealthy_device_count: Number of unhealthy devices within the IoT + Security solution. :vartype unhealthy_device_count: int - :ivar log_analytics_query: query in log analytics to get the list of - affected devices/alerts + :ivar log_analytics_query: Log analytics query for getting the list of + affected devices/alerts. :vartype log_analytics_query: str """ @@ -1641,15 +3448,15 @@ def __init__(self, **kwargs): class IoTSecurityAlertedDevice(Model): - """Statistic information about the number of alerts per device during the last - period. + """Statistical information about the number of alerts per device during last + set number of days. Variables are only populated by the server, and will be ignored when sending a request. - :ivar device_id: Name of the alert type + :ivar device_id: Device identifier. :vartype device_id: str - :ivar alerts_count: the number of alerts raised for this device + :ivar alerts_count: Number of alerts raised for this device. :vartype alerts_count: int """ @@ -1669,42 +3476,20 @@ def __init__(self, **kwargs): self.alerts_count = None -class IoTSecurityAlertedDevicesList(Model): - """List of devices with the count of raised alerts. - - All required parameters must be populated in order to send to Azure. - - :param value: Required. List of aggregated alerts data - :type value: list[~azure.mgmt.security.models.IoTSecurityAlertedDevice] - """ - - _validation = { - 'value': {'required': True}, - } - - _attribute_map = { - 'value': {'key': 'value', 'type': '[IoTSecurityAlertedDevice]'}, - } - - def __init__(self, **kwargs): - super(IoTSecurityAlertedDevicesList, self).__init__(**kwargs) - self.value = kwargs.get('value', None) - - class IoTSecurityDeviceAlert(Model): - """Statistic information about the number of alerts per alert type during the - last period. + """Statistical information about the number of alerts per alert type during + last set number of days. Variables are only populated by the server, and will be ignored when sending a request. :ivar alert_display_name: Display name of the alert :vartype alert_display_name: str - :ivar reported_severity: Estimated severity of this alert. Possible values - include: 'Informational', 'Low', 'Medium', 'High' + :ivar reported_severity: Assessed Alert severity. Possible values include: + 'Informational', 'Low', 'Medium', 'High' :vartype reported_severity: str or ~azure.mgmt.security.models.ReportedSeverity - :ivar alerts_count: the number of alerts raised for this alert type + :ivar alerts_count: Number of alerts raised for this alert type. :vartype alerts_count: int """ @@ -1727,50 +3512,20 @@ def __init__(self, **kwargs): self.alerts_count = None -class IoTSecurityDeviceAlertsList(Model): - """List of alerts with the count of raised alerts. - - Variables are only populated by the server, and will be ignored when - sending a request. - - All required parameters must be populated in order to send to Azure. - - :param value: Required. List of top alerts data - :type value: list[~azure.mgmt.security.models.IoTSecurityDeviceAlert] - :ivar next_link: The URI to fetch the next page. - :vartype next_link: str - """ - - _validation = { - 'value': {'required': True}, - 'next_link': {'readonly': True}, - } - - _attribute_map = { - 'value': {'key': 'value', 'type': '[IoTSecurityDeviceAlert]'}, - 'next_link': {'key': 'nextLink', 'type': 'str'}, - } - - def __init__(self, **kwargs): - super(IoTSecurityDeviceAlertsList, self).__init__(**kwargs) - self.value = kwargs.get('value', None) - self.next_link = None - - class IoTSecurityDeviceRecommendation(Model): - """Statistic information about the number of recommendations per + """Statistical information about the number of recommendations per device, per recommendation type. Variables are only populated by the server, and will be ignored when sending a request. - :ivar recommendation_display_name: Display name of the recommendation + :ivar recommendation_display_name: Display name of the recommendation. :vartype recommendation_display_name: str - :ivar reported_severity: Estimated severity of this recommendation. - Possible values include: 'Informational', 'Low', 'Medium', 'High' + :ivar reported_severity: Assessed recommendation severity. Possible values + include: 'Informational', 'Low', 'Medium', 'High' :vartype reported_severity: str or ~azure.mgmt.security.models.ReportedSeverity - :ivar devices_count: the number of device with this recommendation + :ivar devices_count: Number of devices with this recommendation. :vartype devices_count: int """ @@ -1793,31 +3548,8 @@ def __init__(self, **kwargs): self.devices_count = None -class IoTSecurityDeviceRecommendationsList(Model): - """List of recommendations with the count of devices. - - All required parameters must be populated in order to send to Azure. - - :param value: Required. List of aggregated recommendation data - :type value: - list[~azure.mgmt.security.models.IoTSecurityDeviceRecommendation] - """ - - _validation = { - 'value': {'required': True}, - } - - _attribute_map = { - 'value': {'key': 'value', 'type': '[IoTSecurityDeviceRecommendation]'}, - } - - def __init__(self, **kwargs): - super(IoTSecurityDeviceRecommendationsList, self).__init__(**kwargs) - self.value = kwargs.get('value', None) - - class IoTSecuritySolutionAnalyticsModel(Resource): - """Security Analytics of a security solution. + """Security analytics of your IoT Security solution. Variables are only populated by the server, and will be ignored when sending a request. @@ -1828,24 +3560,25 @@ class IoTSecuritySolutionAnalyticsModel(Resource): :vartype name: str :ivar type: Resource type :vartype type: str - :ivar metrics: Security Analytics of a security solution + :ivar metrics: Security analytics of your IoT Security solution. :vartype metrics: ~azure.mgmt.security.models.IoTSeverityMetrics - :ivar unhealthy_device_count: number of unhealthy devices + :ivar unhealthy_device_count: Number of unhealthy devices within your IoT + Security solution. :vartype unhealthy_device_count: int - :ivar devices_metrics: The list of devices metrics by the aggregated date. + :ivar devices_metrics: List of device metrics by the aggregation date. :vartype devices_metrics: list[~azure.mgmt.security.models.IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem] - :param top_alerted_devices: The list of top 3 devices with the most - attacked. + :param top_alerted_devices: List of the 3 devices with the most alerts. :type top_alerted_devices: - ~azure.mgmt.security.models.IoTSecurityAlertedDevicesList - :param most_prevalent_device_alerts: The list of most prevalent 3 alerts. + list[~azure.mgmt.security.models.IoTSecurityAlertedDevice] + :param most_prevalent_device_alerts: List of the 3 most prevalent device + alerts. :type most_prevalent_device_alerts: - ~azure.mgmt.security.models.IoTSecurityDeviceAlertsList - :param most_prevalent_device_recommendations: The list of most prevalent 3 - recommendations. + list[~azure.mgmt.security.models.IoTSecurityDeviceAlert] + :param most_prevalent_device_recommendations: List of the 3 most prevalent + device recommendations. :type most_prevalent_device_recommendations: - ~azure.mgmt.security.models.IoTSecurityDeviceRecommendationsList + list[~azure.mgmt.security.models.IoTSecurityDeviceRecommendation] """ _validation = { @@ -1864,9 +3597,9 @@ class IoTSecuritySolutionAnalyticsModel(Resource): 'metrics': {'key': 'properties.metrics', 'type': 'IoTSeverityMetrics'}, 'unhealthy_device_count': {'key': 'properties.unhealthyDeviceCount', 'type': 'int'}, 'devices_metrics': {'key': 'properties.devicesMetrics', 'type': '[IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem]'}, - 'top_alerted_devices': {'key': 'properties.topAlertedDevices', 'type': 'IoTSecurityAlertedDevicesList'}, - 'most_prevalent_device_alerts': {'key': 'properties.mostPrevalentDeviceAlerts', 'type': 'IoTSecurityDeviceAlertsList'}, - 'most_prevalent_device_recommendations': {'key': 'properties.mostPrevalentDeviceRecommendations', 'type': 'IoTSecurityDeviceRecommendationsList'}, + 'top_alerted_devices': {'key': 'properties.topAlertedDevices', 'type': '[IoTSecurityAlertedDevice]'}, + 'most_prevalent_device_alerts': {'key': 'properties.mostPrevalentDeviceAlerts', 'type': '[IoTSecurityDeviceAlert]'}, + 'most_prevalent_device_recommendations': {'key': 'properties.mostPrevalentDeviceRecommendations', 'type': '[IoTSecurityDeviceRecommendation]'}, } def __init__(self, **kwargs): @@ -1880,17 +3613,19 @@ def __init__(self, **kwargs): class IoTSecuritySolutionAnalyticsModelList(Model): - """List of Security Analytics of a security solution. + """List of Security analytics of your IoT Security solution. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :param value: Required. List of Security Analytics of a security solution + :param value: Required. List of Security analytics of your IoT Security + solution :type value: list[~azure.mgmt.security.models.IoTSecuritySolutionAnalyticsModel] - :ivar next_link: The URI to fetch the next page. + :ivar next_link: When there is too much alert data for one page, use this + URI to fetch the next page. :vartype next_link: str """ @@ -1913,9 +3648,10 @@ def __init__(self, **kwargs): class IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem(Model): """IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem. - :param date_property: the date of the metrics + :param date_property: Aggregation of IoT Security solution device alert + metrics by date. :type date_property: datetime - :param devices_metrics: devices alerts count by severity. + :param devices_metrics: Device alert count by severity. :type devices_metrics: ~azure.mgmt.security.models.IoTSeverityMetrics """ @@ -1931,7 +3667,7 @@ def __init__(self, **kwargs): class IoTSecuritySolutionModel(Model): - """Security Solution. + """IoT Security solution configuration and resource information. Variables are only populated by the server, and will be ignored when sending a request. @@ -1948,14 +3684,14 @@ class IoTSecuritySolutionModel(Model): :type tags: dict[str, str] :param location: The resource location. :type location: str - :param workspace: Required. Workspace resource ID + :param workspace: Workspace resource ID :type workspace: str :param display_name: Required. Resource display name. :type display_name: str - :param status: Security solution status. Possible values include: - 'Enabled', 'Disabled'. Default value: "Enabled" . + :param status: Status of the IoT Security solution. Possible values + include: 'Enabled', 'Disabled'. Default value: "Enabled" . :type status: str or ~azure.mgmt.security.models.SecuritySolutionStatus - :param export: List of additional export to workspace data options + :param export: List of additional options for exporting to workspace data. :type export: list[str or ~azure.mgmt.security.models.ExportData] :param disabled_data_sources: Disabled data sources. Disabling these data sources compromises the system. @@ -1972,13 +3708,17 @@ class IoTSecuritySolutionModel(Model): :param recommendations_configuration: :type recommendations_configuration: list[~azure.mgmt.security.models.RecommendationConfigurationProperties] + :param unmasked_ip_logging_status: Unmasked IP address logging status. + Possible values include: 'Disabled', 'Enabled'. Default value: "Disabled" + . + :type unmasked_ip_logging_status: str or + ~azure.mgmt.security.models.UnmaskedIpLoggingStatus """ _validation = { 'id': {'readonly': True}, 'name': {'readonly': True}, 'type': {'readonly': True}, - 'workspace': {'required': True}, 'display_name': {'required': True}, 'iot_hubs': {'required': True}, 'auto_discovered_resources': {'readonly': True}, @@ -1999,6 +3739,7 @@ class IoTSecuritySolutionModel(Model): 'user_defined_resources': {'key': 'properties.userDefinedResources', 'type': 'UserDefinedResourcesProperties'}, 'auto_discovered_resources': {'key': 'properties.autoDiscoveredResources', 'type': '[str]'}, 'recommendations_configuration': {'key': 'properties.recommendationsConfiguration', 'type': '[RecommendationConfigurationProperties]'}, + 'unmasked_ip_logging_status': {'key': 'properties.unmaskedIpLoggingStatus', 'type': 'str'}, } def __init__(self, **kwargs): @@ -2017,16 +3758,17 @@ def __init__(self, **kwargs): self.user_defined_resources = kwargs.get('user_defined_resources', None) self.auto_discovered_resources = None self.recommendations_configuration = kwargs.get('recommendations_configuration', None) + self.unmasked_ip_logging_status = kwargs.get('unmasked_ip_logging_status', "Disabled") class IoTSeverityMetrics(Model): - """Severity metrics. + """IoT Security solution analytics severity metrics. - :param high: count of high severity items + :param high: Count of high severity alerts/recommendations. :type high: int - :param medium: count of medium severity items + :param medium: Count of medium severity alerts/recommendations. :type medium: int - :param low: count of low severity items + :param low: Count of low severity alerts/recommendations. :type low: int """ @@ -2146,6 +3888,8 @@ class JitNetworkAccessPolicyInitiateRequest(Model): open access for :type virtual_machines: list[~azure.mgmt.security.models.JitNetworkAccessPolicyInitiateVirtualMachine] + :param justification: The justification for making the initiate request + :type justification: str """ _validation = { @@ -2154,11 +3898,13 @@ class JitNetworkAccessPolicyInitiateRequest(Model): _attribute_map = { 'virtual_machines': {'key': 'virtualMachines', 'type': '[JitNetworkAccessPolicyInitiateVirtualMachine]'}, + 'justification': {'key': 'justification', 'type': 'str'}, } def __init__(self, **kwargs): super(JitNetworkAccessPolicyInitiateRequest, self).__init__(**kwargs) self.virtual_machines = kwargs.get('virtual_machines', None) + self.justification = kwargs.get('justification', None) class JitNetworkAccessPolicyInitiateVirtualMachine(Model): @@ -2281,6 +4027,8 @@ class JitNetworkAccessRequest(Model): :param requestor: Required. The identity of the person who made the request :type requestor: str + :param justification: The justification for making the initiate request + :type justification: str """ _validation = { @@ -2293,6 +4041,7 @@ class JitNetworkAccessRequest(Model): 'virtual_machines': {'key': 'virtualMachines', 'type': '[JitNetworkAccessRequestVirtualMachine]'}, 'start_time_utc': {'key': 'startTimeUtc', 'type': 'iso-8601'}, 'requestor': {'key': 'requestor', 'type': 'str'}, + 'justification': {'key': 'justification', 'type': 'str'}, } def __init__(self, **kwargs): @@ -2300,6 +4049,7 @@ def __init__(self, **kwargs): self.virtual_machines = kwargs.get('virtual_machines', None) self.start_time_utc = kwargs.get('start_time_utc', None) self.requestor = kwargs.get('requestor', None) + self.justification = kwargs.get('justification', None) class JitNetworkAccessRequestPort(Model): @@ -2403,36 +4153,276 @@ def __init__(self, **kwargs): self.kind = kwargs.get('kind', None) -class Location(Model): - """Describes an Azure resource with location. +class LocalUserNotAllowed(AllowlistCustomAlertRule): + """Login by a local user that isn't allowed. Allow list consists of login + names to allow. Variables are only populated by the server, and will be ignored when sending a request. - :ivar location: Location where the resource is stored - :vartype location: str + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :ivar value_type: The value type of the items in the list. Possible values + include: 'IpCidr', 'String' + :vartype value_type: str or ~azure.mgmt.security.models.ValueType + :param allowlist_values: Required. The values to allow. The format of the + values depends on the rule type. + :type allowlist_values: list[str] """ _validation = { - 'location': {'readonly': True}, + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'value_type': {'readonly': True}, + 'allowlist_values': {'required': True}, } _attribute_map = { - 'location': {'key': 'location', 'type': 'str'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'value_type': {'key': 'valueType', 'type': 'str'}, + 'allowlist_values': {'key': 'allowlistValues', 'type': '[str]'}, } def __init__(self, **kwargs): - super(Location, self).__init__(**kwargs) - self.location = None + super(LocalUserNotAllowed, self).__init__(**kwargs) + self.rule_type = 'LocalUserNotAllowed' -class Operation(Model): - """Possible operation in the REST API of Microsoft.Security. +class Location(Model): + """Describes an Azure resource with location. Variables are only populated by the server, and will be ignored when sending a request. - :ivar name: Name of the operation + :ivar location: Location where the resource is stored + :vartype location: str + """ + + _validation = { + 'location': {'readonly': True}, + } + + _attribute_map = { + 'location': {'key': 'location', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(Location, self).__init__(**kwargs) + self.location = None + + +class MqttC2DMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of cloud to device messages (MQTT protocol) is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, **kwargs): + super(MqttC2DMessagesNotInAllowedRange, self).__init__(**kwargs) + self.rule_type = 'MqttC2DMessagesNotInAllowedRange' + + +class MqttC2DRejectedMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of rejected cloud to device messages (MQTT protocol) is not in + allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, **kwargs): + super(MqttC2DRejectedMessagesNotInAllowedRange, self).__init__(**kwargs) + self.rule_type = 'MqttC2DRejectedMessagesNotInAllowedRange' + + +class MqttD2CMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of device to cloud messages (MQTT protocol) is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, **kwargs): + super(MqttD2CMessagesNotInAllowedRange, self).__init__(**kwargs) + self.rule_type = 'MqttD2CMessagesNotInAllowedRange' + + +class OnPremiseResourceDetails(ResourceDetails): + """Details of the On Premise resource that was assessed. + + All required parameters must be populated in order to send to Azure. + + :param source: Required. Constant filled by server. + :type source: str + :param workspace_id: Required. Azure resource Id of the workspace the + machine is attached to + :type workspace_id: str + :param vmuuid: Required. The unique Id of the machine + :type vmuuid: str + :param source_computer_id: Required. The oms agent Id installed on the + machine + :type source_computer_id: str + :param machine_name: Required. The name of the machine + :type machine_name: str + """ + + _validation = { + 'source': {'required': True}, + 'workspace_id': {'required': True}, + 'vmuuid': {'required': True}, + 'source_computer_id': {'required': True}, + 'machine_name': {'required': True}, + } + + _attribute_map = { + 'source': {'key': 'source', 'type': 'str'}, + 'workspace_id': {'key': 'workspaceId', 'type': 'str'}, + 'vmuuid': {'key': 'vmuuid', 'type': 'str'}, + 'source_computer_id': {'key': 'sourceComputerId', 'type': 'str'}, + 'machine_name': {'key': 'machineName', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(OnPremiseResourceDetails, self).__init__(**kwargs) + self.workspace_id = kwargs.get('workspace_id', None) + self.vmuuid = kwargs.get('vmuuid', None) + self.source_computer_id = kwargs.get('source_computer_id', None) + self.machine_name = kwargs.get('machine_name', None) + self.source = 'OnPremise' + + +class Operation(Model): + """Possible operation in the REST API of Microsoft.Security. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar name: Name of the operation :vartype name: str :ivar origin: Where the operation is originated :vartype origin: str @@ -2549,7 +4539,10 @@ def __init__(self, **kwargs): class Pricing(Resource): - """Pricing tier will be applied for the scope based on the resource ID. + """Azure Security Center is provided in two pricing tiers: free and standard, + with the standard tier available with a trial period. The standard tier + offers advanced security capabilities, while the free tier offers basic + security features. Variables are only populated by the server, and will be ignored when sending a request. @@ -2617,6 +4610,83 @@ def __init__(self, **kwargs): self.value = kwargs.get('value', None) +class ProcessNotAllowed(AllowlistCustomAlertRule): + """Execution of a process that isn't allowed. Allow list consists of process + names to allow. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :ivar value_type: The value type of the items in the list. Possible values + include: 'IpCidr', 'String' + :vartype value_type: str or ~azure.mgmt.security.models.ValueType + :param allowlist_values: Required. The values to allow. The format of the + values depends on the rule type. + :type allowlist_values: list[str] + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'value_type': {'readonly': True}, + 'allowlist_values': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'value_type': {'key': 'valueType', 'type': 'str'}, + 'allowlist_values': {'key': 'allowlistValues', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(ProcessNotAllowed, self).__init__(**kwargs) + self.rule_type = 'ProcessNotAllowed' + + +class ProtectionMode(Model): + """The protection mode of the collection/file types. Exe/Msi/Script are used + for Windows, Executable is used for Linux. + + :param exe: Possible values include: 'Audit', 'Enforce', 'None' + :type exe: str or ~azure.mgmt.security.models.enum + :param msi: Possible values include: 'Audit', 'Enforce', 'None' + :type msi: str or ~azure.mgmt.security.models.enum + :param script: Possible values include: 'Audit', 'Enforce', 'None' + :type script: str or ~azure.mgmt.security.models.enum + :param executable: Possible values include: 'Audit', 'Enforce', 'None' + :type executable: str or ~azure.mgmt.security.models.enum + """ + + _attribute_map = { + 'exe': {'key': 'exe', 'type': 'str'}, + 'msi': {'key': 'msi', 'type': 'str'}, + 'script': {'key': 'script', 'type': 'str'}, + 'executable': {'key': 'executable', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ProtectionMode, self).__init__(**kwargs) + self.exe = kwargs.get('exe', None) + self.msi = kwargs.get('msi', None) + self.script = kwargs.get('script', None) + self.executable = kwargs.get('executable', None) + + class PublisherInfo(Model): """Represents the publisher information of a process/rule. @@ -2650,16 +4720,65 @@ def __init__(self, **kwargs): self.version = kwargs.get('version', None) +class QueuePurgesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of device queue purges is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, **kwargs): + super(QueuePurgesNotInAllowedRange, self).__init__(**kwargs) + self.rule_type = 'QueuePurgesNotInAllowedRange' + + class RecommendationConfigurationProperties(Model): - """Recommendation configuration. + """The type of IoT Security recommendation. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :param recommendation_type: Required. The recommendation type. Possible - values include: 'IoT_ACRAuthentication', + :param recommendation_type: Required. The type of IoT Security + recommendation. Possible values include: 'IoT_ACRAuthentication', 'IoT_AgentSendsUnutilizedMessages', 'IoT_Baseline', 'IoT_EdgeHubMemOptimize', 'IoT_EdgeLoggingOptions', 'IoT_InconsistentModuleSettings', 'IoT_InstallAgent', @@ -2671,9 +4790,9 @@ class RecommendationConfigurationProperties(Model): ~azure.mgmt.security.models.RecommendationType :ivar name: :vartype name: str - :param status: Required. Recommendation status. The recommendation is not - generated when the status is disabled. Possible values include: - 'Disabled', 'Enabled'. Default value: "Enabled" . + :param status: Required. Recommendation status. When the recommendation + status is disabled recommendations are not generated. Possible values + include: 'Disabled', 'Enabled'. Default value: "Enabled" . :type status: str or ~azure.mgmt.security.models.RecommendationConfigStatus """ @@ -2814,83 +4933,664 @@ class RegulatoryComplianceControl(Resource): } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'description': {'key': 'properties.description', 'type': 'str'}, - 'state': {'key': 'properties.state', 'type': 'str'}, - 'passed_assessments': {'key': 'properties.passedAssessments', 'type': 'int'}, - 'failed_assessments': {'key': 'properties.failedAssessments', 'type': 'int'}, - 'skipped_assessments': {'key': 'properties.skippedAssessments', 'type': 'int'}, + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'str'}, + 'passed_assessments': {'key': 'properties.passedAssessments', 'type': 'int'}, + 'failed_assessments': {'key': 'properties.failedAssessments', 'type': 'int'}, + 'skipped_assessments': {'key': 'properties.skippedAssessments', 'type': 'int'}, + } + + def __init__(self, **kwargs): + super(RegulatoryComplianceControl, self).__init__(**kwargs) + self.description = None + self.state = kwargs.get('state', None) + self.passed_assessments = None + self.failed_assessments = None + self.skipped_assessments = None + + +class RegulatoryComplianceStandard(Resource): + """Regulatory compliance standard details and state. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :param state: Aggregative state based on the standard's supported controls + states. Possible values include: 'Passed', 'Failed', 'Skipped', + 'Unsupported' + :type state: str or ~azure.mgmt.security.models.State + :ivar passed_controls: The number of supported regulatory compliance + controls of the given standard with a passed state + :vartype passed_controls: int + :ivar failed_controls: The number of supported regulatory compliance + controls of the given standard with a failed state + :vartype failed_controls: int + :ivar skipped_controls: The number of supported regulatory compliance + controls of the given standard with a skipped state + :vartype skipped_controls: int + :ivar unsupported_controls: The number of regulatory compliance controls + of the given standard which are unsupported by automated assessments + :vartype unsupported_controls: int + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'passed_controls': {'readonly': True}, + 'failed_controls': {'readonly': True}, + 'skipped_controls': {'readonly': True}, + 'unsupported_controls': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'str'}, + 'passed_controls': {'key': 'properties.passedControls', 'type': 'int'}, + 'failed_controls': {'key': 'properties.failedControls', 'type': 'int'}, + 'skipped_controls': {'key': 'properties.skippedControls', 'type': 'int'}, + 'unsupported_controls': {'key': 'properties.unsupportedControls', 'type': 'int'}, + } + + def __init__(self, **kwargs): + super(RegulatoryComplianceStandard, self).__init__(**kwargs) + self.state = kwargs.get('state', None) + self.passed_controls = None + self.failed_controls = None + self.skipped_controls = None + self.unsupported_controls = None + + +class Rule(Model): + """Describes remote addresses that is recommended to communicate with the + Azure resource on some (Protocol, Port, Direction). All other remote + addresses are recommended to be blocked. + + :param name: The name of the rule + :type name: str + :param direction: The rule's direction. Possible values include: + 'Inbound', 'Outbound' + :type direction: str or ~azure.mgmt.security.models.Direction + :param destination_port: The rule's destination port + :type destination_port: int + :param protocols: The rule's transport protocols + :type protocols: list[str or + ~azure.mgmt.security.models.TransportProtocol] + :param ip_addresses: The remote IP addresses that should be able to + communicate with the Azure resource on the rule's destination port and + protocol + :type ip_addresses: list[str] + """ + + _attribute_map = { + 'name': {'key': 'name', 'type': 'str'}, + 'direction': {'key': 'direction', 'type': 'str'}, + 'destination_port': {'key': 'destinationPort', 'type': 'int'}, + 'protocols': {'key': 'protocols', 'type': '[str]'}, + 'ip_addresses': {'key': 'ipAddresses', 'type': '[str]'}, + } + + def __init__(self, **kwargs): + super(Rule, self).__init__(**kwargs) + self.name = kwargs.get('name', None) + self.direction = kwargs.get('direction', None) + self.destination_port = kwargs.get('destination_port', None) + self.protocols = kwargs.get('protocols', None) + self.ip_addresses = kwargs.get('ip_addresses', None) + + +class ScopeElement(Model): + """A more specific scope used to identify the alerts to suppress. + + :param additional_properties: Unmatched properties from the message are + deserialized this collection + :type additional_properties: dict[str, object] + :param field: The alert entity type to suppress by. + :type field: str + """ + + _attribute_map = { + 'additional_properties': {'key': '', 'type': '{object}'}, + 'field': {'key': 'field', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(ScopeElement, self).__init__(**kwargs) + self.additional_properties = kwargs.get('additional_properties', None) + self.field = kwargs.get('field', None) + + +class SecureScoreControlDefinitionItem(Resource): + """Information about the security control. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar display_name: User friendly display name of the control + :vartype display_name: str + :ivar description: User friendly description of the control + :vartype description: str + :ivar max_score: Maximum control score (0..10) + :vartype max_score: int + :ivar source: Source object from which the control was created + :vartype source: + ~azure.mgmt.security.models.SecureScoreControlDefinitionSource + :ivar assessment_definitions: Array of assessments metadata IDs that are + included in this security control + :vartype assessment_definitions: + list[~azure.mgmt.security.models.AzureResourceLink] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'display_name': {'readonly': True}, + 'description': {'readonly': True, 'max_length': 256}, + 'max_score': {'readonly': True, 'maximum': 10, 'minimum': 0}, + 'source': {'readonly': True}, + 'assessment_definitions': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'max_score': {'key': 'properties.maxScore', 'type': 'int'}, + 'source': {'key': 'properties.source', 'type': 'SecureScoreControlDefinitionSource'}, + 'assessment_definitions': {'key': 'properties.assessmentDefinitions', 'type': '[AzureResourceLink]'}, + } + + def __init__(self, **kwargs): + super(SecureScoreControlDefinitionItem, self).__init__(**kwargs) + self.display_name = None + self.description = None + self.max_score = None + self.source = None + self.assessment_definitions = None + + +class SecureScoreControlDefinitionSource(Model): + """The type of the security control (For example, BuiltIn). + + :param source_type: The type of security control (for example, BuiltIn). + Possible values include: 'BuiltIn', 'Custom' + :type source_type: str or ~azure.mgmt.security.models.ControlType + """ + + _attribute_map = { + 'source_type': {'key': 'sourceType', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SecureScoreControlDefinitionSource, self).__init__(**kwargs) + self.source_type = kwargs.get('source_type', None) + + +class SecureScoreControlDetails(Resource): + """Details of the security control, its score, and the health status of the + relevant resources. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar display_name: User friendly display name of the control + :vartype display_name: str + :ivar max: Maximum score available + :vartype max: int + :ivar current: Current score + :vartype current: float + :ivar healthy_resource_count: Number of healthy resources in the control + :vartype healthy_resource_count: int + :ivar unhealthy_resource_count: Number of unhealthy resources in the + control + :vartype unhealthy_resource_count: int + :ivar not_applicable_resource_count: Number of not applicable resources in + the control + :vartype not_applicable_resource_count: int + :param definition: + :type definition: + ~azure.mgmt.security.models.SecureScoreControlDefinitionItem + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'display_name': {'readonly': True}, + 'max': {'readonly': True, 'minimum': 0}, + 'current': {'readonly': True, 'minimum': 0}, + 'healthy_resource_count': {'readonly': True}, + 'unhealthy_resource_count': {'readonly': True}, + 'not_applicable_resource_count': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'max': {'key': 'properties.score.max', 'type': 'int'}, + 'current': {'key': 'properties.score.current', 'type': 'float'}, + 'healthy_resource_count': {'key': 'properties.healthyResourceCount', 'type': 'int'}, + 'unhealthy_resource_count': {'key': 'properties.unhealthyResourceCount', 'type': 'int'}, + 'not_applicable_resource_count': {'key': 'properties.notApplicableResourceCount', 'type': 'int'}, + 'definition': {'key': 'properties.definition', 'type': 'SecureScoreControlDefinitionItem'}, + } + + def __init__(self, **kwargs): + super(SecureScoreControlDetails, self).__init__(**kwargs) + self.display_name = None + self.max = None + self.current = None + self.healthy_resource_count = None + self.unhealthy_resource_count = None + self.not_applicable_resource_count = None + self.definition = kwargs.get('definition', None) + + +class SecureScoreControlScore(Model): + """Calculation result data. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar max: Maximum control score (0..10) + :vartype max: int + :ivar current: Actual score for the control = (achieved points / total + points) * max score. if total points is zeroed, the return number is 0.00 + :vartype current: float + """ + + _validation = { + 'max': {'readonly': True, 'maximum': 10, 'minimum': 0}, + 'current': {'readonly': True, 'maximum': 10, 'minimum': 0}, + } + + _attribute_map = { + 'max': {'key': 'max', 'type': 'int'}, + 'current': {'key': 'current', 'type': 'float'}, + } + + def __init__(self, **kwargs): + super(SecureScoreControlScore, self).__init__(**kwargs) + self.max = None + self.current = None + + +class SecureScoreItem(Resource): + """Secure score item data model. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar display_name: The initiative’s name + :vartype display_name: str + :ivar max: Maximum score available + :vartype max: int + :ivar current: Current score + :vartype current: float + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'display_name': {'readonly': True}, + 'max': {'readonly': True, 'minimum': 0}, + 'current': {'readonly': True, 'minimum': 0}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'max': {'key': 'properties.score.max', 'type': 'int'}, + 'current': {'key': 'properties.score.current', 'type': 'float'}, + } + + def __init__(self, **kwargs): + super(SecureScoreItem, self).__init__(**kwargs) + self.display_name = None + self.max = None + self.current = None + + +class SecurityAssessment(Resource): + """Security assessment on a resource. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :param resource_details: Required. + :type resource_details: ~azure.mgmt.security.models.ResourceDetails + :ivar display_name: User friendly display name of the assessment + :vartype display_name: str + :param status: Required. + :type status: ~azure.mgmt.security.models.AssessmentStatus + :param additional_data: Additional data regarding the assessment + :type additional_data: dict[str, str] + :param links: + :type links: ~azure.mgmt.security.models.AssessmentLinks + :param metadata: + :type metadata: + ~azure.mgmt.security.models.SecurityAssessmentMetadataProperties + :param partners_data: + :type partners_data: + ~azure.mgmt.security.models.SecurityAssessmentPartnerData + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'resource_details': {'required': True}, + 'display_name': {'readonly': True}, + 'status': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'resource_details': {'key': 'properties.resourceDetails', 'type': 'ResourceDetails'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'status': {'key': 'properties.status', 'type': 'AssessmentStatus'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{str}'}, + 'links': {'key': 'properties.links', 'type': 'AssessmentLinks'}, + 'metadata': {'key': 'properties.metadata', 'type': 'SecurityAssessmentMetadataProperties'}, + 'partners_data': {'key': 'properties.partnersData', 'type': 'SecurityAssessmentPartnerData'}, + } + + def __init__(self, **kwargs): + super(SecurityAssessment, self).__init__(**kwargs) + self.resource_details = kwargs.get('resource_details', None) + self.display_name = None + self.status = kwargs.get('status', None) + self.additional_data = kwargs.get('additional_data', None) + self.links = kwargs.get('links', None) + self.metadata = kwargs.get('metadata', None) + self.partners_data = kwargs.get('partners_data', None) + + +class SecurityAssessmentMetadata(Resource): + """Security assessment metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :param display_name: Required. User friendly display name of the + assessment + :type display_name: str + :ivar policy_definition_id: Azure resource ID of the policy definition + that turns this assessment calculation on + :vartype policy_definition_id: str + :param description: Human readable description of the assessment + :type description: str + :param remediation_description: Human readable description of what you + should do to mitigate this security issue + :type remediation_description: str + :param category: + :type category: list[str or ~azure.mgmt.security.models.Category] + :param severity: Required. The severity level of the assessment. Possible + values include: 'Low', 'Medium', 'High' + :type severity: str or ~azure.mgmt.security.models.Severity + :param user_impact: The user impact of the assessment. Possible values + include: 'Low', 'Moderate', 'High' + :type user_impact: str or ~azure.mgmt.security.models.UserImpact + :param implementation_effort: The implementation effort required to + remediate this assessment. Possible values include: 'Low', 'Moderate', + 'High' + :type implementation_effort: str or + ~azure.mgmt.security.models.ImplementationEffort + :param threats: + :type threats: list[str or ~azure.mgmt.security.models.Threats] + :param preview: True if this assessment is in preview release status + :type preview: bool + :param assessment_type: Required. BuiltIn if the assessment based on + built-in Azure Policy definition, Custom if the assessment based on custom + Azure Policy definition. Possible values include: 'BuiltIn', + 'CustomPolicy', 'CustomerManaged', 'VerifiedPartner' + :type assessment_type: str or ~azure.mgmt.security.models.AssessmentType + :param partner_data: + :type partner_data: + ~azure.mgmt.security.models.SecurityAssessmentMetadataPartnerData + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'display_name': {'required': True}, + 'policy_definition_id': {'readonly': True}, + 'severity': {'required': True}, + 'assessment_type': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'policy_definition_id': {'key': 'properties.policyDefinitionId', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'remediation_description': {'key': 'properties.remediationDescription', 'type': 'str'}, + 'category': {'key': 'properties.category', 'type': '[str]'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'user_impact': {'key': 'properties.userImpact', 'type': 'str'}, + 'implementation_effort': {'key': 'properties.implementationEffort', 'type': 'str'}, + 'threats': {'key': 'properties.threats', 'type': '[str]'}, + 'preview': {'key': 'properties.preview', 'type': 'bool'}, + 'assessment_type': {'key': 'properties.assessmentType', 'type': 'str'}, + 'partner_data': {'key': 'properties.partnerData', 'type': 'SecurityAssessmentMetadataPartnerData'}, + } + + def __init__(self, **kwargs): + super(SecurityAssessmentMetadata, self).__init__(**kwargs) + self.display_name = kwargs.get('display_name', None) + self.policy_definition_id = None + self.description = kwargs.get('description', None) + self.remediation_description = kwargs.get('remediation_description', None) + self.category = kwargs.get('category', None) + self.severity = kwargs.get('severity', None) + self.user_impact = kwargs.get('user_impact', None) + self.implementation_effort = kwargs.get('implementation_effort', None) + self.threats = kwargs.get('threats', None) + self.preview = kwargs.get('preview', None) + self.assessment_type = kwargs.get('assessment_type', None) + self.partner_data = kwargs.get('partner_data', None) + + +class SecurityAssessmentMetadataPartnerData(Model): + """Describes the partner that created the assessment. + + All required parameters must be populated in order to send to Azure. + + :param partner_name: Required. Name of the company of the partner + :type partner_name: str + :param product_name: Name of the product of the partner that created the + assessment + :type product_name: str + :param secret: Required. Secret to authenticate the partner and verify it + created the assessment - write only + :type secret: str + """ + + _validation = { + 'partner_name': {'required': True}, + 'secret': {'required': True}, + } + + _attribute_map = { + 'partner_name': {'key': 'partnerName', 'type': 'str'}, + 'product_name': {'key': 'productName', 'type': 'str'}, + 'secret': {'key': 'secret', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SecurityAssessmentMetadataPartnerData, self).__init__(**kwargs) + self.partner_name = kwargs.get('partner_name', None) + self.product_name = kwargs.get('product_name', None) + self.secret = kwargs.get('secret', None) + + +class SecurityAssessmentMetadataProperties(Model): + """Describes properties of an assessment metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param display_name: Required. User friendly display name of the + assessment + :type display_name: str + :ivar policy_definition_id: Azure resource ID of the policy definition + that turns this assessment calculation on + :vartype policy_definition_id: str + :param description: Human readable description of the assessment + :type description: str + :param remediation_description: Human readable description of what you + should do to mitigate this security issue + :type remediation_description: str + :param category: + :type category: list[str or ~azure.mgmt.security.models.Category] + :param severity: Required. The severity level of the assessment. Possible + values include: 'Low', 'Medium', 'High' + :type severity: str or ~azure.mgmt.security.models.Severity + :param user_impact: The user impact of the assessment. Possible values + include: 'Low', 'Moderate', 'High' + :type user_impact: str or ~azure.mgmt.security.models.UserImpact + :param implementation_effort: The implementation effort required to + remediate this assessment. Possible values include: 'Low', 'Moderate', + 'High' + :type implementation_effort: str or + ~azure.mgmt.security.models.ImplementationEffort + :param threats: + :type threats: list[str or ~azure.mgmt.security.models.Threats] + :param preview: True if this assessment is in preview release status + :type preview: bool + :param assessment_type: Required. BuiltIn if the assessment based on + built-in Azure Policy definition, Custom if the assessment based on custom + Azure Policy definition. Possible values include: 'BuiltIn', + 'CustomPolicy', 'CustomerManaged', 'VerifiedPartner' + :type assessment_type: str or ~azure.mgmt.security.models.AssessmentType + :param partner_data: + :type partner_data: + ~azure.mgmt.security.models.SecurityAssessmentMetadataPartnerData + """ + + _validation = { + 'display_name': {'required': True}, + 'policy_definition_id': {'readonly': True}, + 'severity': {'required': True}, + 'assessment_type': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'policy_definition_id': {'key': 'policyDefinitionId', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'remediation_description': {'key': 'remediationDescription', 'type': 'str'}, + 'category': {'key': 'category', 'type': '[str]'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'user_impact': {'key': 'userImpact', 'type': 'str'}, + 'implementation_effort': {'key': 'implementationEffort', 'type': 'str'}, + 'threats': {'key': 'threats', 'type': '[str]'}, + 'preview': {'key': 'preview', 'type': 'bool'}, + 'assessment_type': {'key': 'assessmentType', 'type': 'str'}, + 'partner_data': {'key': 'partnerData', 'type': 'SecurityAssessmentMetadataPartnerData'}, } def __init__(self, **kwargs): - super(RegulatoryComplianceControl, self).__init__(**kwargs) - self.description = None - self.state = kwargs.get('state', None) - self.passed_assessments = None - self.failed_assessments = None - self.skipped_assessments = None - - -class RegulatoryComplianceStandard(Resource): - """Regulatory compliance standard details and state. + super(SecurityAssessmentMetadataProperties, self).__init__(**kwargs) + self.display_name = kwargs.get('display_name', None) + self.policy_definition_id = None + self.description = kwargs.get('description', None) + self.remediation_description = kwargs.get('remediation_description', None) + self.category = kwargs.get('category', None) + self.severity = kwargs.get('severity', None) + self.user_impact = kwargs.get('user_impact', None) + self.implementation_effort = kwargs.get('implementation_effort', None) + self.threats = kwargs.get('threats', None) + self.preview = kwargs.get('preview', None) + self.assessment_type = kwargs.get('assessment_type', None) + self.partner_data = kwargs.get('partner_data', None) + + +class SecurityAssessmentPartnerData(Model): + """Data regarding 3rd party partner integration. - Variables are only populated by the server, and will be ignored when - sending a request. + All required parameters must be populated in order to send to Azure. - :ivar id: Resource Id - :vartype id: str - :ivar name: Resource name - :vartype name: str - :ivar type: Resource type - :vartype type: str - :param state: Aggregative state based on the standard's supported controls - states. Possible values include: 'Passed', 'Failed', 'Skipped', - 'Unsupported' - :type state: str or ~azure.mgmt.security.models.State - :ivar passed_controls: The number of supported regulatory compliance - controls of the given standard with a passed state - :vartype passed_controls: int - :ivar failed_controls: The number of supported regulatory compliance - controls of the given standard with a failed state - :vartype failed_controls: int - :ivar skipped_controls: The number of supported regulatory compliance - controls of the given standard with a skipped state - :vartype skipped_controls: int - :ivar unsupported_controls: The number of regulatory compliance controls - of the given standard which are unsupported by automated assessments - :vartype unsupported_controls: int + :param partner_name: Required. Name of the company of the partner + :type partner_name: str + :param secret: Required. secret to authenticate the partner - write only + :type secret: str """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'passed_controls': {'readonly': True}, - 'failed_controls': {'readonly': True}, - 'skipped_controls': {'readonly': True}, - 'unsupported_controls': {'readonly': True}, + 'partner_name': {'required': True}, + 'secret': {'required': True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'state': {'key': 'properties.state', 'type': 'str'}, - 'passed_controls': {'key': 'properties.passedControls', 'type': 'int'}, - 'failed_controls': {'key': 'properties.failedControls', 'type': 'int'}, - 'skipped_controls': {'key': 'properties.skippedControls', 'type': 'int'}, - 'unsupported_controls': {'key': 'properties.unsupportedControls', 'type': 'int'}, + 'partner_name': {'key': 'partnerName', 'type': 'str'}, + 'secret': {'key': 'secret', 'type': 'str'}, } def __init__(self, **kwargs): - super(RegulatoryComplianceStandard, self).__init__(**kwargs) - self.state = kwargs.get('state', None) - self.passed_controls = None - self.failed_controls = None - self.skipped_controls = None - self.unsupported_controls = None + super(SecurityAssessmentPartnerData, self).__init__(**kwargs) + self.partner_name = kwargs.get('partner_name', None) + self.secret = kwargs.get('secret', None) class SecurityContact(Resource): @@ -2948,6 +5648,83 @@ def __init__(self, **kwargs): self.alerts_to_admins = kwargs.get('alerts_to_admins', None) +class SecuritySubAssessment(Resource): + """Security sub-assessment on a resource. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar security_sub_assessment_id: Vulnerability ID + :vartype security_sub_assessment_id: str + :ivar display_name: User friendly display name of the sub-assessment + :vartype display_name: str + :param status: + :type status: ~azure.mgmt.security.models.SubAssessmentStatus + :ivar remediation: Information on how to remediate this sub-assessment + :vartype remediation: str + :ivar impact: Description of the impact of this sub-assessment + :vartype impact: str + :ivar category: Category of the sub-assessment + :vartype category: str + :ivar description: Human readable description of the assessment status + :vartype description: str + :ivar time_generated: The date and time the sub-assessment was generated + :vartype time_generated: datetime + :param resource_details: + :type resource_details: ~azure.mgmt.security.models.ResourceDetails + :param additional_data: + :type additional_data: ~azure.mgmt.security.models.AdditionalData + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'security_sub_assessment_id': {'readonly': True}, + 'display_name': {'readonly': True}, + 'remediation': {'readonly': True}, + 'impact': {'readonly': True}, + 'category': {'readonly': True}, + 'description': {'readonly': True}, + 'time_generated': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'security_sub_assessment_id': {'key': 'properties.id', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'status': {'key': 'properties.status', 'type': 'SubAssessmentStatus'}, + 'remediation': {'key': 'properties.remediation', 'type': 'str'}, + 'impact': {'key': 'properties.impact', 'type': 'str'}, + 'category': {'key': 'properties.category', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'time_generated': {'key': 'properties.timeGenerated', 'type': 'iso-8601'}, + 'resource_details': {'key': 'properties.resourceDetails', 'type': 'ResourceDetails'}, + 'additional_data': {'key': 'properties.additionalData', 'type': 'AdditionalData'}, + } + + def __init__(self, **kwargs): + super(SecuritySubAssessment, self).__init__(**kwargs) + self.security_sub_assessment_id = None + self.display_name = None + self.status = kwargs.get('status', None) + self.remediation = None + self.impact = None + self.category = None + self.description = None + self.time_generated = None + self.resource_details = kwargs.get('resource_details', None) + self.additional_data = kwargs.get('additional_data', None) + + class SecurityTask(Resource): """Security task that we recommend to do in order to strengthen security. @@ -3038,21 +5815,30 @@ class SensitivityLabel(Model): :param display_name: The name of the sensitivity label. :type display_name: str + :param description: The description of the sensitivity label. + :type description: str + :param rank: The rank of the sensitivity label. Possible values include: + 'None', 'Low', 'Medium', 'High', 'Critical' + :type rank: str or ~azure.mgmt.security.models.Rank :param order: The order of the sensitivity label. - :type order: float + :type order: int :param enabled: Indicates whether the label is enabled or not. :type enabled: bool """ _attribute_map = { 'display_name': {'key': 'displayName', 'type': 'str'}, - 'order': {'key': 'order', 'type': 'float'}, + 'description': {'key': 'description', 'type': 'str'}, + 'rank': {'key': 'rank', 'type': 'Rank'}, + 'order': {'key': 'order', 'type': 'int'}, 'enabled': {'key': 'enabled', 'type': 'bool'}, } def __init__(self, **kwargs): super(SensitivityLabel, self).__init__(**kwargs) self.display_name = kwargs.get('display_name', None) + self.description = kwargs.get('description', None) + self.rank = kwargs.get('rank', None) self.order = kwargs.get('order', None) self.enabled = kwargs.get('enabled', None) @@ -3111,6 +5897,184 @@ def __init__(self, **kwargs): self.value = kwargs.get('value', None) +class ServerVulnerabilityProperties(AdditionalData): + """Additional context fields for server vulnerability assessment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param assessed_resource_type: Required. Constant filled by server. + :type assessed_resource_type: str + :ivar type: Vulnerability Type. e.g: Vulnerability, Potential + Vulnerability, Information Gathered + :vartype type: str + :ivar cvss: Dictionary from cvss version to cvss details object + :vartype cvss: dict[str, ~azure.mgmt.security.models.CVSS] + :ivar patchable: Indicates whether a patch is available or not + :vartype patchable: bool + :ivar cve: List of CVEs + :vartype cve: list[~azure.mgmt.security.models.CVE] + :ivar threat: Threat name + :vartype threat: str + :ivar published_time: Published time + :vartype published_time: datetime + :ivar vendor_references: + :vartype vendor_references: + list[~azure.mgmt.security.models.VendorReference] + """ + + _validation = { + 'assessed_resource_type': {'required': True}, + 'type': {'readonly': True}, + 'cvss': {'readonly': True}, + 'patchable': {'readonly': True}, + 'cve': {'readonly': True}, + 'threat': {'readonly': True}, + 'published_time': {'readonly': True}, + 'vendor_references': {'readonly': True}, + } + + _attribute_map = { + 'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'cvss': {'key': 'cvss', 'type': '{CVSS}'}, + 'patchable': {'key': 'patchable', 'type': 'bool'}, + 'cve': {'key': 'cve', 'type': '[CVE]'}, + 'threat': {'key': 'threat', 'type': 'str'}, + 'published_time': {'key': 'publishedTime', 'type': 'iso-8601'}, + 'vendor_references': {'key': 'vendorReferences', 'type': '[VendorReference]'}, + } + + def __init__(self, **kwargs): + super(ServerVulnerabilityProperties, self).__init__(**kwargs) + self.type = None + self.cvss = None + self.patchable = None + self.cve = None + self.threat = None + self.published_time = None + self.vendor_references = None + self.assessed_resource_type = 'ServerVulnerabilityAssessment' + + +class SqlServerVulnerabilityProperties(AdditionalData): + """Details of the resource that was assessed. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param assessed_resource_type: Required. Constant filled by server. + :type assessed_resource_type: str + :ivar type: The resource type the sub assessment refers to in its resource + details + :vartype type: str + :ivar query: The T-SQL query that runs on your SQL database to perform the + particular check + :vartype query: str + """ + + _validation = { + 'assessed_resource_type': {'required': True}, + 'type': {'readonly': True}, + 'query': {'readonly': True}, + } + + _attribute_map = { + 'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'query': {'key': 'query', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SqlServerVulnerabilityProperties, self).__init__(**kwargs) + self.type = None + self.query = None + self.assessed_resource_type = 'SqlServerVulnerability' + + +class SubAssessmentStatus(Model): + """Status of the sub-assessment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar code: Programmatic code for the status of the assessment. Possible + values include: 'Healthy', 'Unhealthy', 'NotApplicable' + :vartype code: str or ~azure.mgmt.security.models.SubAssessmentStatusCode + :ivar cause: Programmatic code for the cause of the assessment status + :vartype cause: str + :ivar description: Human readable description of the assessment status + :vartype description: str + :ivar severity: The sub-assessment severity level. Possible values + include: 'Low', 'Medium', 'High' + :vartype severity: str or ~azure.mgmt.security.models.Severity + """ + + _validation = { + 'code': {'readonly': True}, + 'cause': {'readonly': True}, + 'description': {'readonly': True}, + 'severity': {'readonly': True}, + } + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'cause': {'key': 'cause', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'severity': {'key': 'severity', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(SubAssessmentStatus, self).__init__(**kwargs) + self.code = None + self.cause = None + self.description = None + self.severity = None + + +class SuppressionAlertsScope(Model): + """SuppressionAlertsScope. + + All required parameters must be populated in order to send to Azure. + + :param all_of: Required. All the conditions inside need to be true in + order to suppress the alert + :type all_of: list[~azure.mgmt.security.models.ScopeElement] + """ + + _validation = { + 'all_of': {'required': True}, + } + + _attribute_map = { + 'all_of': {'key': 'allOf', 'type': '[ScopeElement]'}, + } + + def __init__(self, **kwargs): + super(SuppressionAlertsScope, self).__init__(**kwargs) + self.all_of = kwargs.get('all_of', None) + + +class Tags(Model): + """A list of key value pairs that describe the resource. + + :param tags: A list of key value pairs that describe the resource. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, **kwargs): + super(Tags, self).__init__(**kwargs) + self.tags = kwargs.get('tags', None) + + class TagsResource(Model): """A container holding only the Tags for a resource, allowing the user to update the tags. @@ -3291,6 +6255,104 @@ def __init__(self, **kwargs): self.resource_id = None +class TwinUpdatesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of twin updates is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, **kwargs): + super(TwinUpdatesNotInAllowedRange, self).__init__(**kwargs) + self.rule_type = 'TwinUpdatesNotInAllowedRange' + + +class UnauthorizedOperationsNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of unauthorized operations is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, **kwargs): + super(UnauthorizedOperationsNotInAllowedRange, self).__init__(**kwargs) + self.rule_type = 'UnauthorizedOperationsNotInAllowedRange' + + class UpdateIotSecuritySolutionData(TagsResource): """UpdateIotSecuritySolutionData. @@ -3306,8 +6368,8 @@ class UpdateIotSecuritySolutionData(TagsResource): _attribute_map = { 'tags': {'key': 'tags', 'type': '{str}'}, - 'user_defined_resources': {'key': 'userDefinedResources', 'type': 'UserDefinedResourcesProperties'}, - 'recommendations_configuration': {'key': 'recommendationsConfiguration', 'type': '[RecommendationConfigurationProperties]'}, + 'user_defined_resources': {'key': 'properties.userDefinedResources', 'type': 'UserDefinedResourcesProperties'}, + 'recommendations_configuration': {'key': 'properties.recommendationsConfiguration', 'type': '[RecommendationConfigurationProperties]'}, } def __init__(self, **kwargs): @@ -3317,7 +6379,7 @@ def __init__(self, **kwargs): class UserDefinedResourcesProperties(Model): - """Properties of the solution's user defined resources. + """Properties of the IoT Security solution's user defined resources. All required parameters must be populated in order to send to Azure. @@ -3368,6 +6430,34 @@ def __init__(self, **kwargs): self.recommendation_action = kwargs.get('recommendation_action', None) +class VendorReference(Model): + """Vendor reference. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar title: Link title + :vartype title: str + :ivar link: Link url + :vartype link: str + """ + + _validation = { + 'title': {'readonly': True}, + 'link': {'readonly': True}, + } + + _attribute_map = { + 'title': {'key': 'title', 'type': 'str'}, + 'link': {'key': 'link', 'type': 'str'}, + } + + def __init__(self, **kwargs): + super(VendorReference, self).__init__(**kwargs) + self.title = None + self.link = None + + class VmRecommendation(Model): """Represents a machine that is part of a VM/server group. @@ -3379,12 +6469,16 @@ class VmRecommendation(Model): :type recommendation_action: str or ~azure.mgmt.security.models.enum :param resource_id: :type resource_id: str + :param enforcement_support: Possible values include: 'Supported', + 'NotSupported', 'Unknown' + :type enforcement_support: str or ~azure.mgmt.security.models.enum """ _attribute_map = { 'configuration_status': {'key': 'configurationStatus', 'type': 'str'}, 'recommendation_action': {'key': 'recommendationAction', 'type': 'str'}, 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'enforcement_support': {'key': 'enforcementSupport', 'type': 'str'}, } def __init__(self, **kwargs): @@ -3392,6 +6486,7 @@ def __init__(self, **kwargs): self.configuration_status = kwargs.get('configuration_status', None) self.recommendation_action = kwargs.get('recommendation_action', None) self.resource_id = kwargs.get('resource_id', None) + self.enforcement_support = kwargs.get('enforcement_support', None) class WorkspaceSetting(Resource): diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models_py3.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models_py3.py index 55592fee92b4..0a92ed90bee4 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models_py3.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models_py3.py @@ -164,6 +164,223 @@ def __init__(self, *, device_vendor: str=None, device_type: str=None, workspace= self.connectivity_state = connectivity_state +class CustomAlertRule(Model): + """A custom alert rule. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: ThresholdCustomAlertRule, ListCustomAlertRule + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + } + + _subtype_map = { + 'rule_type': {'ThresholdCustomAlertRule': 'ThresholdCustomAlertRule', 'ListCustomAlertRule': 'ListCustomAlertRule'} + } + + def __init__(self, *, is_enabled: bool, **kwargs) -> None: + super(CustomAlertRule, self).__init__(**kwargs) + self.display_name = None + self.description = None + self.is_enabled = is_enabled + self.rule_type = None + + +class ThresholdCustomAlertRule(CustomAlertRule): + """A custom alert rule that checks if a value (depends on the custom alert + type) is within the given range. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: TimeWindowCustomAlertRule + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + } + + _subtype_map = { + 'rule_type': {'TimeWindowCustomAlertRule': 'TimeWindowCustomAlertRule'} + } + + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, **kwargs) -> None: + super(ThresholdCustomAlertRule, self).__init__(is_enabled=is_enabled, **kwargs) + self.min_threshold = min_threshold + self.max_threshold = max_threshold + self.rule_type = 'ThresholdCustomAlertRule' + + +class TimeWindowCustomAlertRule(ThresholdCustomAlertRule): + """A custom alert rule that checks if the number of activities (depends on the + custom alert type) in a time window is within the given range. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: ActiveConnectionsNotInAllowedRange, + AmqpC2DMessagesNotInAllowedRange, MqttC2DMessagesNotInAllowedRange, + HttpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, + MqttC2DRejectedMessagesNotInAllowedRange, + HttpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, + MqttD2CMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, + DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, + FileUploadsNotInAllowedRange, QueuePurgesNotInAllowedRange, + TwinUpdatesNotInAllowedRange, UnauthorizedOperationsNotInAllowedRange + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + _subtype_map = { + 'rule_type': {'ActiveConnectionsNotInAllowedRange': 'ActiveConnectionsNotInAllowedRange', 'AmqpC2DMessagesNotInAllowedRange': 'AmqpC2DMessagesNotInAllowedRange', 'MqttC2DMessagesNotInAllowedRange': 'MqttC2DMessagesNotInAllowedRange', 'HttpC2DMessagesNotInAllowedRange': 'HttpC2DMessagesNotInAllowedRange', 'AmqpC2DRejectedMessagesNotInAllowedRange': 'AmqpC2DRejectedMessagesNotInAllowedRange', 'MqttC2DRejectedMessagesNotInAllowedRange': 'MqttC2DRejectedMessagesNotInAllowedRange', 'HttpC2DRejectedMessagesNotInAllowedRange': 'HttpC2DRejectedMessagesNotInAllowedRange', 'AmqpD2CMessagesNotInAllowedRange': 'AmqpD2CMessagesNotInAllowedRange', 'MqttD2CMessagesNotInAllowedRange': 'MqttD2CMessagesNotInAllowedRange', 'HttpD2CMessagesNotInAllowedRange': 'HttpD2CMessagesNotInAllowedRange', 'DirectMethodInvokesNotInAllowedRange': 'DirectMethodInvokesNotInAllowedRange', 'FailedLocalLoginsNotInAllowedRange': 'FailedLocalLoginsNotInAllowedRange', 'FileUploadsNotInAllowedRange': 'FileUploadsNotInAllowedRange', 'QueuePurgesNotInAllowedRange': 'QueuePurgesNotInAllowedRange', 'TwinUpdatesNotInAllowedRange': 'TwinUpdatesNotInAllowedRange', 'UnauthorizedOperationsNotInAllowedRange': 'UnauthorizedOperationsNotInAllowedRange'} + } + + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(TimeWindowCustomAlertRule, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, **kwargs) + self.time_window_size = time_window_size + self.rule_type = 'TimeWindowCustomAlertRule' + + +class ActiveConnectionsNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of active connections is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(ActiveConnectionsNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs) + self.rule_type = 'ActiveConnectionsNotInAllowedRange' + + class Resource(Model): """Describes an Azure resource. @@ -197,6 +414,112 @@ def __init__(self, **kwargs) -> None: self.type = None +class AdaptiveNetworkHardening(Resource): + """The resource whose properties describes the Adaptive Network Hardening + settings for some Azure resource. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :param rules: The security rules which are recommended to be effective on + the VM + :type rules: list[~azure.mgmt.security.models.Rule] + :param rules_calculation_time: The UTC time on which the rules were + calculated + :type rules_calculation_time: datetime + :param effective_network_security_groups: The Network Security Groups + effective on the network interfaces of the protected resource + :type effective_network_security_groups: + list[~azure.mgmt.security.models.EffectiveNetworkSecurityGroups] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'rules': {'key': 'properties.rules', 'type': '[Rule]'}, + 'rules_calculation_time': {'key': 'properties.rulesCalculationTime', 'type': 'iso-8601'}, + 'effective_network_security_groups': {'key': 'properties.effectiveNetworkSecurityGroups', 'type': '[EffectiveNetworkSecurityGroups]'}, + } + + def __init__(self, *, rules=None, rules_calculation_time=None, effective_network_security_groups=None, **kwargs) -> None: + super(AdaptiveNetworkHardening, self).__init__(**kwargs) + self.rules = rules + self.rules_calculation_time = rules_calculation_time + self.effective_network_security_groups = effective_network_security_groups + + +class AdaptiveNetworkHardeningEnforceRequest(Model): + """AdaptiveNetworkHardeningEnforceRequest. + + All required parameters must be populated in order to send to Azure. + + :param rules: Required. The rules to enforce + :type rules: list[~azure.mgmt.security.models.Rule] + :param network_security_groups: Required. The Azure resource IDs of the + effective network security groups that will be updated with the created + security rules from the Adaptive Network Hardening rules + :type network_security_groups: list[str] + """ + + _validation = { + 'rules': {'required': True}, + 'network_security_groups': {'required': True}, + } + + _attribute_map = { + 'rules': {'key': 'rules', 'type': '[Rule]'}, + 'network_security_groups': {'key': 'networkSecurityGroups', 'type': '[str]'}, + } + + def __init__(self, *, rules, network_security_groups, **kwargs) -> None: + super(AdaptiveNetworkHardeningEnforceRequest, self).__init__(**kwargs) + self.rules = rules + self.network_security_groups = network_security_groups + + +class AdditionalData(Model): + """Details of the sub-assessment. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: SqlServerVulnerabilityProperties, + ContainerRegistryVulnerabilityProperties, ServerVulnerabilityProperties + + All required parameters must be populated in order to send to Azure. + + :param assessed_resource_type: Required. Constant filled by server. + :type assessed_resource_type: str + """ + + _validation = { + 'assessed_resource_type': {'required': True}, + } + + _attribute_map = { + 'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'}, + } + + _subtype_map = { + 'assessed_resource_type': {'SqlServerVulnerability': 'SqlServerVulnerabilityProperties', 'ContainerRegistryVulnerability': 'ContainerRegistryVulnerabilityProperties', 'ServerVulnerabilityAssessment': 'ServerVulnerabilityProperties'} + } + + def __init__(self, **kwargs) -> None: + super(AdditionalData, self).__init__(**kwargs) + self.assessed_resource_type = None + + class AdvancedThreatProtectionSetting(Resource): """The Advanced Threat Protection resource. @@ -441,6 +764,75 @@ def __init__(self, *, additional_properties=None, **kwargs) -> None: self.type = None +class AlertsSuppressionRule(Resource): + """Describes the suppression rule. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :param alert_type: Required. Type of the alert to automatically suppress. + For all alert types, use '*' + :type alert_type: str + :ivar last_modified_utc: The last time this rule was modified + :vartype last_modified_utc: datetime + :param expiration_date_utc: Expiration date of the rule, if value is not + provided or provided as null this field will default to the maximum + allowed expiration date. + :type expiration_date_utc: datetime + :param reason: Required. The reason for dismissing the alert + :type reason: str + :param state: Required. Possible states of the rule. Possible values + include: 'Enabled', 'Disabled', 'Expired' + :type state: str or ~azure.mgmt.security.models.RuleState + :param comment: Any comment regarding the rule + :type comment: str + :param suppression_alerts_scope: The suppression conditions + :type suppression_alerts_scope: + ~azure.mgmt.security.models.SuppressionAlertsScope + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'alert_type': {'required': True}, + 'last_modified_utc': {'readonly': True}, + 'reason': {'required': True}, + 'state': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'alert_type': {'key': 'properties.alertType', 'type': 'str'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + 'expiration_date_utc': {'key': 'properties.expirationDateUtc', 'type': 'iso-8601'}, + 'reason': {'key': 'properties.reason', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'RuleState'}, + 'comment': {'key': 'properties.comment', 'type': 'str'}, + 'suppression_alerts_scope': {'key': 'properties.suppressionAlertsScope', 'type': 'SuppressionAlertsScope'}, + } + + def __init__(self, *, alert_type: str, reason: str, state, expiration_date_utc=None, comment: str=None, suppression_alerts_scope=None, **kwargs) -> None: + super(AlertsSuppressionRule, self).__init__(**kwargs) + self.alert_type = alert_type + self.last_modified_utc = None + self.expiration_date_utc = expiration_date_utc + self.reason = reason + self.state = state + self.comment = comment + self.suppression_alerts_scope = suppression_alerts_scope + + class AllowedConnectionsResource(Model): """The resource whose properties describes the allowed traffic between Azure resources. @@ -492,83 +884,347 @@ def __init__(self, **kwargs) -> None: self.connectable_resources = None -class AppWhitelistingGroup(Model): - """AppWhitelistingGroup. +class ListCustomAlertRule(CustomAlertRule): + """A List custom alert rule. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: AllowlistCustomAlertRule, DenylistCustomAlertRule Variables are only populated by the server, and will be ignored when sending a request. - :ivar id: Resource Id - :vartype id: str - :ivar name: Resource name - :vartype name: str - :ivar type: Resource type - :vartype type: str - :ivar location: Location where the resource is stored - :vartype location: str - :param enforcement_mode: Possible values include: 'Audit', 'Enforce' - :type enforcement_mode: str or ~azure.mgmt.security.models.enum - :param configuration_status: Possible values include: 'Configured', - 'NotConfigured', 'InProgress', 'Failed', 'NoStatus' - :type configuration_status: str or ~azure.mgmt.security.models.enum - :param recommendation_status: Possible values include: 'Recommended', - 'NotRecommended', 'NotAvailable', 'NoStatus' - :type recommendation_status: str or ~azure.mgmt.security.models.enum - :param issues: - :type issues: - list[~azure.mgmt.security.models.AppWhitelistingIssueSummary] - :param source_system: Possible values include: 'Azure_AppLocker', - 'Azure_AuditD', 'NonAzure_AppLocker', 'NonAzure_AuditD', 'None' - :type source_system: str or ~azure.mgmt.security.models.enum - :param vm_recommendations: - :type vm_recommendations: - list[~azure.mgmt.security.models.VmRecommendation] - :param path_recommendations: - :type path_recommendations: - list[~azure.mgmt.security.models.PathRecommendation] + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :ivar value_type: The value type of the items in the list. Possible values + include: 'IpCidr', 'String' + :vartype value_type: str or ~azure.mgmt.security.models.ValueType """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'location': {'readonly': True}, + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'value_type': {'readonly': True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'location': {'key': 'location', 'type': 'str'}, - 'enforcement_mode': {'key': 'properties.enforcementMode', 'type': 'str'}, - 'configuration_status': {'key': 'properties.configurationStatus', 'type': 'str'}, - 'recommendation_status': {'key': 'properties.recommendationStatus', 'type': 'str'}, - 'issues': {'key': 'properties.issues', 'type': '[AppWhitelistingIssueSummary]'}, - 'source_system': {'key': 'properties.sourceSystem', 'type': 'str'}, - 'vm_recommendations': {'key': 'properties.vmRecommendations', 'type': '[VmRecommendation]'}, - 'path_recommendations': {'key': 'properties.pathRecommendations', 'type': '[PathRecommendation]'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'value_type': {'key': 'valueType', 'type': 'str'}, } - def __init__(self, *, enforcement_mode=None, configuration_status=None, recommendation_status=None, issues=None, source_system=None, vm_recommendations=None, path_recommendations=None, **kwargs) -> None: - super(AppWhitelistingGroup, self).__init__(**kwargs) - self.id = None - self.name = None - self.type = None - self.location = None - self.enforcement_mode = enforcement_mode - self.configuration_status = configuration_status - self.recommendation_status = recommendation_status - self.issues = issues - self.source_system = source_system - self.vm_recommendations = vm_recommendations - self.path_recommendations = path_recommendations + _subtype_map = { + 'rule_type': {'AllowlistCustomAlertRule': 'AllowlistCustomAlertRule', 'DenylistCustomAlertRule': 'DenylistCustomAlertRule'} + } + def __init__(self, *, is_enabled: bool, **kwargs) -> None: + super(ListCustomAlertRule, self).__init__(is_enabled=is_enabled, **kwargs) + self.value_type = None + self.rule_type = 'ListCustomAlertRule' -class AppWhitelistingGroups(Model): - """Represents a list of VM/server groups and set of rules that are Recommended - by Azure Security Center to be allowed. - :param value: +class AllowlistCustomAlertRule(ListCustomAlertRule): + """A custom alert rule that checks if a value (depends on the custom alert + type) is allowed. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: ConnectionToIpNotAllowed, LocalUserNotAllowed, + ProcessNotAllowed + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :ivar value_type: The value type of the items in the list. Possible values + include: 'IpCidr', 'String' + :vartype value_type: str or ~azure.mgmt.security.models.ValueType + :param allowlist_values: Required. The values to allow. The format of the + values depends on the rule type. + :type allowlist_values: list[str] + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'value_type': {'readonly': True}, + 'allowlist_values': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'value_type': {'key': 'valueType', 'type': 'str'}, + 'allowlist_values': {'key': 'allowlistValues', 'type': '[str]'}, + } + + _subtype_map = { + 'rule_type': {'ConnectionToIpNotAllowed': 'ConnectionToIpNotAllowed', 'LocalUserNotAllowed': 'LocalUserNotAllowed', 'ProcessNotAllowed': 'ProcessNotAllowed'} + } + + def __init__(self, *, is_enabled: bool, allowlist_values, **kwargs) -> None: + super(AllowlistCustomAlertRule, self).__init__(is_enabled=is_enabled, **kwargs) + self.allowlist_values = allowlist_values + self.rule_type = 'AllowlistCustomAlertRule' + + +class AmqpC2DMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of cloud to device messages (AMQP protocol) is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(AmqpC2DMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs) + self.rule_type = 'AmqpC2DMessagesNotInAllowedRange' + + +class AmqpC2DRejectedMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of rejected cloud to device messages (AMQP protocol) is not in + allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(AmqpC2DRejectedMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs) + self.rule_type = 'AmqpC2DRejectedMessagesNotInAllowedRange' + + +class AmqpD2CMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of device to cloud messages (AMQP protocol) is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(AmqpD2CMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs) + self.rule_type = 'AmqpD2CMessagesNotInAllowedRange' + + +class AppWhitelistingGroup(Model): + """AppWhitelistingGroup. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar location: Location where the resource is stored + :vartype location: str + :param enforcement_mode: Possible values include: 'Audit', 'Enforce', + 'None' + :type enforcement_mode: str or ~azure.mgmt.security.models.enum + :param protection_mode: + :type protection_mode: ~azure.mgmt.security.models.ProtectionMode + :ivar configuration_status: Possible values include: 'Configured', + 'NotConfigured', 'InProgress', 'Failed', 'NoStatus' + :vartype configuration_status: str or ~azure.mgmt.security.models.enum + :ivar recommendation_status: Possible values include: 'Recommended', + 'NotRecommended', 'NotAvailable', 'NoStatus' + :vartype recommendation_status: str or ~azure.mgmt.security.models.enum + :ivar issues: + :vartype issues: + list[~azure.mgmt.security.models.AppWhitelistingIssueSummary] + :ivar source_system: Possible values include: 'Azure_AppLocker', + 'Azure_AuditD', 'NonAzure_AppLocker', 'NonAzure_AuditD', 'None' + :vartype source_system: str or ~azure.mgmt.security.models.enum + :param vm_recommendations: + :type vm_recommendations: + list[~azure.mgmt.security.models.VmRecommendation] + :param path_recommendations: + :type path_recommendations: + list[~azure.mgmt.security.models.PathRecommendation] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'location': {'readonly': True}, + 'configuration_status': {'readonly': True}, + 'recommendation_status': {'readonly': True}, + 'issues': {'readonly': True}, + 'source_system': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'location': {'key': 'location', 'type': 'str'}, + 'enforcement_mode': {'key': 'properties.enforcementMode', 'type': 'str'}, + 'protection_mode': {'key': 'properties.protectionMode', 'type': 'ProtectionMode'}, + 'configuration_status': {'key': 'properties.configurationStatus', 'type': 'str'}, + 'recommendation_status': {'key': 'properties.recommendationStatus', 'type': 'str'}, + 'issues': {'key': 'properties.issues', 'type': '[AppWhitelistingIssueSummary]'}, + 'source_system': {'key': 'properties.sourceSystem', 'type': 'str'}, + 'vm_recommendations': {'key': 'properties.vmRecommendations', 'type': '[VmRecommendation]'}, + 'path_recommendations': {'key': 'properties.pathRecommendations', 'type': '[PathRecommendation]'}, + } + + def __init__(self, *, enforcement_mode=None, protection_mode=None, vm_recommendations=None, path_recommendations=None, **kwargs) -> None: + super(AppWhitelistingGroup, self).__init__(**kwargs) + self.id = None + self.name = None + self.type = None + self.location = None + self.enforcement_mode = enforcement_mode + self.protection_mode = protection_mode + self.configuration_status = None + self.recommendation_status = None + self.issues = None + self.source_system = None + self.vm_recommendations = vm_recommendations + self.path_recommendations = path_recommendations + + +class AppWhitelistingGroups(Model): + """Represents a list of VM/server groups and set of rules that are Recommended + by Azure Security Center to be allowed. + + :param value: :type value: list[~azure.mgmt.security.models.AppWhitelistingGroup] """ @@ -605,32 +1261,6 @@ def __init__(self, *, issue=None, number_of_vms: float=None, **kwargs) -> None: self.number_of_vms = number_of_vms -class AppWhitelistingPutGroupData(Model): - """The altered data of the recommended VM/server group policy. - - :param enforcement_mode: Possible values include: 'Audit', 'Enforce' - :type enforcement_mode: str or ~azure.mgmt.security.models.enum - :param vm_recommendations: - :type vm_recommendations: - list[~azure.mgmt.security.models.VmRecommendation] - :param path_recommendations: - :type path_recommendations: - list[~azure.mgmt.security.models.PathRecommendation] - """ - - _attribute_map = { - 'enforcement_mode': {'key': 'enforcementMode', 'type': 'str'}, - 'vm_recommendations': {'key': 'vmRecommendations', 'type': '[VmRecommendation]'}, - 'path_recommendations': {'key': 'pathRecommendations', 'type': '[PathRecommendation]'}, - } - - def __init__(self, *, enforcement_mode=None, vm_recommendations=None, path_recommendations=None, **kwargs) -> None: - super(AppWhitelistingPutGroupData, self).__init__(**kwargs) - self.enforcement_mode = enforcement_mode - self.vm_recommendations = vm_recommendations - self.path_recommendations = path_recommendations - - class AscLocation(Resource): """The ASC location of the subscription is in the "name" field. @@ -665,6 +1295,60 @@ def __init__(self, *, properties=None, **kwargs) -> None: self.properties = properties +class AssessmentLinks(Model): + """Links relevant to the assessment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar azure_portal_uri: Link to assessment in Azure Portal + :vartype azure_portal_uri: str + """ + + _validation = { + 'azure_portal_uri': {'readonly': True}, + } + + _attribute_map = { + 'azure_portal_uri': {'key': 'azurePortalUri', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(AssessmentLinks, self).__init__(**kwargs) + self.azure_portal_uri = None + + +class AssessmentStatus(Model): + """The result of the assessment. + + All required parameters must be populated in order to send to Azure. + + :param code: Required. Programmatic code for the status of the assessment. + Possible values include: 'Healthy', 'Unhealthy', 'NotApplicable' + :type code: str or ~azure.mgmt.security.models.AssessmentStatusCode + :param cause: Programmatic code for the cause of the assessment status + :type cause: str + :param description: Human readable description of the assessment status + :type description: str + """ + + _validation = { + 'code': {'required': True}, + } + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'cause': {'key': 'cause', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + } + + def __init__(self, *, code, cause: str=None, description: str=None, **kwargs) -> None: + super(AssessmentStatus, self).__init__(**kwargs) + self.code = code + self.cause = cause + self.description = description + + class AtaExternalSecuritySolution(ExternalSecuritySolution): """Represents an ATA security solution which sends logs to an OMS workspace. @@ -768,52 +1452,63 @@ def __init__(self, *, additional_properties=None, device_vendor: str=None, devic self.last_event_received = last_event_received -class AutoProvisioningSetting(Resource): - """Auto provisioning setting. +class TrackedResource(Model): + """Describes an Azure tracked resource. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Resource Id :vartype id: str :ivar name: Resource name :vartype name: str :ivar type: Resource type :vartype type: str - :param auto_provision: Required. Describes what kind of security agent - provisioning action to take. Possible values include: 'On', 'Off' - :type auto_provision: str or ~azure.mgmt.security.models.AutoProvision + :ivar location: Location where the resource is stored + :vartype location: str + :param kind: Kind of the resource + :type kind: str + :param etag: Entity tag is used for comparing two or more entities from + the same requested resource. + :type etag: str + :param tags: A list of key value pairs that describe the resource. + :type tags: dict[str, str] """ _validation = { 'id': {'readonly': True}, 'name': {'readonly': True}, 'type': {'readonly': True}, - 'auto_provision': {'required': True}, + 'location': {'readonly': True}, } _attribute_map = { 'id': {'key': 'id', 'type': 'str'}, 'name': {'key': 'name', 'type': 'str'}, 'type': {'key': 'type', 'type': 'str'}, - 'auto_provision': {'key': 'properties.autoProvision', 'type': 'str'}, + 'location': {'key': 'location', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'tags': {'key': 'tags', 'type': '{str}'}, } - def __init__(self, *, auto_provision, **kwargs) -> None: - super(AutoProvisioningSetting, self).__init__(**kwargs) - self.auto_provision = auto_provision + def __init__(self, *, kind: str=None, etag: str=None, tags=None, **kwargs) -> None: + super(TrackedResource, self).__init__(**kwargs) + self.id = None + self.name = None + self.type = None + self.location = None + self.kind = kind + self.etag = etag + self.tags = tags -class CefExternalSecuritySolution(ExternalSecuritySolution): - """Represents a security solution which sends CEF logs to an OMS workspace. +class Automation(TrackedResource): + """The security automation resource. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Resource Id :vartype id: str :ivar name: Resource name @@ -822,10 +1517,28 @@ class CefExternalSecuritySolution(ExternalSecuritySolution): :vartype type: str :ivar location: Location where the resource is stored :vartype location: str - :param kind: Required. Constant filled by server. + :param kind: Kind of the resource :type kind: str - :param properties: - :type properties: ~azure.mgmt.security.models.CefSolutionProperties + :param etag: Entity tag is used for comparing two or more entities from + the same requested resource. + :type etag: str + :param tags: A list of key value pairs that describe the resource. + :type tags: dict[str, str] + :param description: The security automation description. + :type description: str + :param is_enabled: Indicates whether the security automation is enabled. + :type is_enabled: bool + :param scopes: A collection of scopes on which the security automations + logic is applied. Supported scopes are the subscription itself or a + resource group under that subscription. The automation will only apply on + defined scopes. + :type scopes: list[~azure.mgmt.security.models.AutomationScope] + :param sources: A collection of the source event types which evaluate the + security automation set of rules. + :type sources: list[~azure.mgmt.security.models.AutomationSource] + :param actions: A collection of the actions which are triggered if all the + configured rules evaluations, within at least one rule set, are true. + :type actions: list[~azure.mgmt.security.models.AutomationAction] """ _validation = { @@ -833,7 +1546,6 @@ class CefExternalSecuritySolution(ExternalSecuritySolution): 'name': {'readonly': True}, 'type': {'readonly': True}, 'location': {'readonly': True}, - 'kind': {'required': True}, } _attribute_map = { @@ -842,26 +1554,461 @@ class CefExternalSecuritySolution(ExternalSecuritySolution): 'type': {'key': 'type', 'type': 'str'}, 'location': {'key': 'location', 'type': 'str'}, 'kind': {'key': 'kind', 'type': 'str'}, - 'properties': {'key': 'properties', 'type': 'CefSolutionProperties'}, + 'etag': {'key': 'etag', 'type': 'str'}, + 'tags': {'key': 'tags', 'type': '{str}'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'is_enabled': {'key': 'properties.isEnabled', 'type': 'bool'}, + 'scopes': {'key': 'properties.scopes', 'type': '[AutomationScope]'}, + 'sources': {'key': 'properties.sources', 'type': '[AutomationSource]'}, + 'actions': {'key': 'properties.actions', 'type': '[AutomationAction]'}, } - def __init__(self, *, properties=None, **kwargs) -> None: - super(CefExternalSecuritySolution, self).__init__(**kwargs) - self.properties = properties - self.kind = 'CEF' + def __init__(self, *, kind: str=None, etag: str=None, tags=None, description: str=None, is_enabled: bool=None, scopes=None, sources=None, actions=None, **kwargs) -> None: + super(Automation, self).__init__(kind=kind, etag=etag, tags=tags, **kwargs) + self.description = description + self.is_enabled = is_enabled + self.scopes = scopes + self.sources = sources + self.actions = actions -class CefSolutionProperties(ExternalSecuritySolutionProperties): - """The external security solution properties for CEF solutions. +class AutomationAction(Model): + """The action that should be triggered. - :param additional_properties: Unmatched properties from the message are - deserialized this collection - :type additional_properties: dict[str, object] - :param device_vendor: - :type device_vendor: str - :param device_type: - :type device_type: str - :param workspace: + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: AutomationActionLogicApp, AutomationActionEventHub, + AutomationActionWorkspace + + All required parameters must be populated in order to send to Azure. + + :param action_type: Required. Constant filled by server. + :type action_type: str + """ + + _validation = { + 'action_type': {'required': True}, + } + + _attribute_map = { + 'action_type': {'key': 'actionType', 'type': 'str'}, + } + + _subtype_map = { + 'action_type': {'LogicApp': 'AutomationActionLogicApp', 'EventHub': 'AutomationActionEventHub', 'Workspace': 'AutomationActionWorkspace'} + } + + def __init__(self, **kwargs) -> None: + super(AutomationAction, self).__init__(**kwargs) + self.action_type = None + + +class AutomationActionEventHub(AutomationAction): + """The target Event Hub to which event data will be exported. To learn more + about Security Center continuous export capabilities, visit + https://aka.ms/ASCExportLearnMore. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param action_type: Required. Constant filled by server. + :type action_type: str + :param event_hub_resource_id: The target Event Hub Azure Resource ID. + :type event_hub_resource_id: str + :ivar sas_policy_name: The target Event Hub SAS policy name. + :vartype sas_policy_name: str + :param connection_string: The target Event Hub connection string (it will + not be included in any response). + :type connection_string: str + """ + + _validation = { + 'action_type': {'required': True}, + 'sas_policy_name': {'readonly': True}, + } + + _attribute_map = { + 'action_type': {'key': 'actionType', 'type': 'str'}, + 'event_hub_resource_id': {'key': 'eventHubResourceId', 'type': 'str'}, + 'sas_policy_name': {'key': 'sasPolicyName', 'type': 'str'}, + 'connection_string': {'key': 'connectionString', 'type': 'str'}, + } + + def __init__(self, *, event_hub_resource_id: str=None, connection_string: str=None, **kwargs) -> None: + super(AutomationActionEventHub, self).__init__(**kwargs) + self.event_hub_resource_id = event_hub_resource_id + self.sas_policy_name = None + self.connection_string = connection_string + self.action_type = 'EventHub' + + +class AutomationActionLogicApp(AutomationAction): + """The logic app action that should be triggered. To learn more about Security + Center's Workflow Automation capabilities, visit + https://aka.ms/ASCWorkflowAutomationLearnMore. + + All required parameters must be populated in order to send to Azure. + + :param action_type: Required. Constant filled by server. + :type action_type: str + :param logic_app_resource_id: The triggered Logic App Azure Resource ID. + This can also reside on other subscriptions, given that you have + permissions to trigger the Logic App + :type logic_app_resource_id: str + :param uri: The Logic App trigger URI endpoint (it will not be included in + any response). + :type uri: str + """ + + _validation = { + 'action_type': {'required': True}, + } + + _attribute_map = { + 'action_type': {'key': 'actionType', 'type': 'str'}, + 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + 'uri': {'key': 'uri', 'type': 'str'}, + } + + def __init__(self, *, logic_app_resource_id: str=None, uri: str=None, **kwargs) -> None: + super(AutomationActionLogicApp, self).__init__(**kwargs) + self.logic_app_resource_id = logic_app_resource_id + self.uri = uri + self.action_type = 'LogicApp' + + +class AutomationActionWorkspace(AutomationAction): + """The Log Analytics Workspace to which event data will be exported. Security + alerts data will reside in the 'SecurityAlert' table and the assessments + data will reside in the 'SecurityRecommendation' table (under the + 'Security'/'SecurityCenterFree' solutions). Note that in order to view the + data in the workspace, the Security Center Log Analytics free/standard + solution needs to be enabled on that workspace. To learn more about + Security Center continuous export capabilities, visit + https://aka.ms/ASCExportLearnMore. + + All required parameters must be populated in order to send to Azure. + + :param action_type: Required. Constant filled by server. + :type action_type: str + :param workspace_resource_id: The fully qualified Log Analytics Workspace + Azure Resource ID. + :type workspace_resource_id: str + """ + + _validation = { + 'action_type': {'required': True}, + } + + _attribute_map = { + 'action_type': {'key': 'actionType', 'type': 'str'}, + 'workspace_resource_id': {'key': 'workspaceResourceId', 'type': 'str'}, + } + + def __init__(self, *, workspace_resource_id: str=None, **kwargs) -> None: + super(AutomationActionWorkspace, self).__init__(**kwargs) + self.workspace_resource_id = workspace_resource_id + self.action_type = 'Workspace' + + +class AutomationRuleSet(Model): + """A rule set which evaluates all its rules upon an event interception. Only + when all the included rules in the rule set will be evaluated as 'true', + will the event trigger the defined actions. + + :param rules: + :type rules: list[~azure.mgmt.security.models.AutomationTriggeringRule] + """ + + _attribute_map = { + 'rules': {'key': 'rules', 'type': '[AutomationTriggeringRule]'}, + } + + def __init__(self, *, rules=None, **kwargs) -> None: + super(AutomationRuleSet, self).__init__(**kwargs) + self.rules = rules + + +class AutomationScope(Model): + """A single automation scope. + + :param description: The resources scope description. + :type description: str + :param scope_path: The resources scope path. Can be the subscription on + which the automation is defined on or a resource group under that + subscription (fully qualified Azure resource IDs). + :type scope_path: str + """ + + _attribute_map = { + 'description': {'key': 'description', 'type': 'str'}, + 'scope_path': {'key': 'scopePath', 'type': 'str'}, + } + + def __init__(self, *, description: str=None, scope_path: str=None, **kwargs) -> None: + super(AutomationScope, self).__init__(**kwargs) + self.description = description + self.scope_path = scope_path + + +class AutomationSource(Model): + """The source event types which evaluate the security automation set of rules. + For example - security alerts and security assessments. To learn more about + the supported security events data models schemas - please visit + https://aka.ms/ASCAutomationSchemas. + + :param event_source: A valid event source type. Possible values include: + 'Assessments', 'Alerts' + :type event_source: str or ~azure.mgmt.security.models.EventSource + :param rule_sets: A set of rules which evaluate upon event interception. A + logical disjunction is applied between defined rule sets (logical 'or'). + :type rule_sets: list[~azure.mgmt.security.models.AutomationRuleSet] + """ + + _attribute_map = { + 'event_source': {'key': 'eventSource', 'type': 'str'}, + 'rule_sets': {'key': 'ruleSets', 'type': '[AutomationRuleSet]'}, + } + + def __init__(self, *, event_source=None, rule_sets=None, **kwargs) -> None: + super(AutomationSource, self).__init__(**kwargs) + self.event_source = event_source + self.rule_sets = rule_sets + + +class AutomationTriggeringRule(Model): + """A rule which is evaluated upon event interception. The rule is configured + by comparing a specific value from the event model to an expected value. + This comparison is done by using one of the supported operators set. + + :param property_jpath: The JPath of the entity model property that should + be checked. + :type property_jpath: str + :param property_type: The data type of the compared operands (string, + integer, floating point number or a boolean [true/false]]. Possible values + include: 'String', 'Integer', 'Number', 'Boolean' + :type property_type: str or ~azure.mgmt.security.models.PropertyType + :param expected_value: The expected value. + :type expected_value: str + :param operator: A valid comparer operator to use. A case-insensitive + comparison will be applied for String PropertyType. Possible values + include: 'Equals', 'GreaterThan', 'GreaterThanOrEqualTo', 'LesserThan', + 'LesserThanOrEqualTo', 'NotEquals', 'Contains', 'StartsWith', 'EndsWith' + :type operator: str or ~azure.mgmt.security.models.Operator + """ + + _attribute_map = { + 'property_jpath': {'key': 'propertyJPath', 'type': 'str'}, + 'property_type': {'key': 'propertyType', 'type': 'str'}, + 'expected_value': {'key': 'expectedValue', 'type': 'str'}, + 'operator': {'key': 'operator', 'type': 'str'}, + } + + def __init__(self, *, property_jpath: str=None, property_type=None, expected_value: str=None, operator=None, **kwargs) -> None: + super(AutomationTriggeringRule, self).__init__(**kwargs) + self.property_jpath = property_jpath + self.property_type = property_type + self.expected_value = expected_value + self.operator = operator + + +class AutomationValidationStatus(Model): + """The security automation model state property bag. + + :param is_valid: Indicates whether the model is valid or not. + :type is_valid: bool + :param message: The validation message. + :type message: str + """ + + _attribute_map = { + 'is_valid': {'key': 'isValid', 'type': 'bool'}, + 'message': {'key': 'message', 'type': 'str'}, + } + + def __init__(self, *, is_valid: bool=None, message: str=None, **kwargs) -> None: + super(AutomationValidationStatus, self).__init__(**kwargs) + self.is_valid = is_valid + self.message = message + + +class AutoProvisioningSetting(Resource): + """Auto provisioning setting. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :param auto_provision: Required. Describes what kind of security agent + provisioning action to take. Possible values include: 'On', 'Off' + :type auto_provision: str or ~azure.mgmt.security.models.AutoProvision + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'auto_provision': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'auto_provision': {'key': 'properties.autoProvision', 'type': 'str'}, + } + + def __init__(self, *, auto_provision, **kwargs) -> None: + super(AutoProvisioningSetting, self).__init__(**kwargs) + self.auto_provision = auto_provision + + +class ResourceDetails(Model): + """Details of the resource that was assessed. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: OnPremiseResourceDetails, AzureResourceDetails + + All required parameters must be populated in order to send to Azure. + + :param source: Required. Constant filled by server. + :type source: str + """ + + _validation = { + 'source': {'required': True}, + } + + _attribute_map = { + 'source': {'key': 'source', 'type': 'str'}, + } + + _subtype_map = { + 'source': {'OnPremise': 'OnPremiseResourceDetails', 'Azure': 'AzureResourceDetails'} + } + + def __init__(self, **kwargs) -> None: + super(ResourceDetails, self).__init__(**kwargs) + self.source = None + + +class AzureResourceDetails(ResourceDetails): + """Details of the Azure resource that was assessed. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param source: Required. Constant filled by server. + :type source: str + :ivar id: Azure resource Id of the assessed resource + :vartype id: str + """ + + _validation = { + 'source': {'required': True}, + 'id': {'readonly': True}, + } + + _attribute_map = { + 'source': {'key': 'source', 'type': 'str'}, + 'id': {'key': 'id', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(AzureResourceDetails, self).__init__(**kwargs) + self.id = None + self.source = 'Azure' + + +class AzureResourceLink(Model): + """Describes an Azure resource with kind. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Azure resource Id + :vartype id: str + """ + + _validation = { + 'id': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(AzureResourceLink, self).__init__(**kwargs) + self.id = None + + +class CefExternalSecuritySolution(ExternalSecuritySolution): + """Represents a security solution which sends CEF logs to an OMS workspace. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar location: Location where the resource is stored + :vartype location: str + :param kind: Required. Constant filled by server. + :type kind: str + :param properties: + :type properties: ~azure.mgmt.security.models.CefSolutionProperties + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'location': {'readonly': True}, + 'kind': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'location': {'key': 'location', 'type': 'str'}, + 'kind': {'key': 'kind', 'type': 'str'}, + 'properties': {'key': 'properties', 'type': 'CefSolutionProperties'}, + } + + def __init__(self, *, properties=None, **kwargs) -> None: + super(CefExternalSecuritySolution, self).__init__(**kwargs) + self.properties = properties + self.kind = 'CEF' + + +class CefSolutionProperties(ExternalSecuritySolutionProperties): + """The external security solution properties for CEF solutions. + + :param additional_properties: Unmatched properties from the message are + deserialized this collection + :type additional_properties: dict[str, object] + :param device_vendor: + :type device_vendor: str + :param device_type: + :type device_type: str + :param workspace: :type workspace: ~azure.mgmt.security.models.ConnectedWorkspace :param hostname: :type hostname: str @@ -1134,24 +2281,192 @@ def __init__(self, *, id: str=None, **kwargs) -> None: self.id = id -class SettingResource(Resource): - """The kind of the security setting. +class ConnectionToIpNotAllowed(AllowlistCustomAlertRule): + """Outbound connection to an ip that isn't allowed. Allow list consists of + ipv4 or ipv6 range in CIDR notation. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar id: Resource Id - :vartype id: str - :ivar name: Resource name - :vartype name: str + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :ivar value_type: The value type of the items in the list. Possible values + include: 'IpCidr', 'String' + :vartype value_type: str or ~azure.mgmt.security.models.ValueType + :param allowlist_values: Required. The values to allow. The format of the + values depends on the rule type. + :type allowlist_values: list[str] + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'value_type': {'readonly': True}, + 'allowlist_values': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'value_type': {'key': 'valueType', 'type': 'str'}, + 'allowlist_values': {'key': 'allowlistValues', 'type': '[str]'}, + } + + def __init__(self, *, is_enabled: bool, allowlist_values, **kwargs) -> None: + super(ConnectionToIpNotAllowed, self).__init__(is_enabled=is_enabled, allowlist_values=allowlist_values, **kwargs) + self.rule_type = 'ConnectionToIpNotAllowed' + + +class ContainerRegistryVulnerabilityProperties(AdditionalData): + """Additional context fields for container registry Vulnerability assessment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param assessed_resource_type: Required. Constant filled by server. + :type assessed_resource_type: str + :ivar type: Vulnerability Type. e.g: Vulnerability, Potential + Vulnerability, Information Gathered, Vulnerability + :vartype type: str + :ivar cvss: Dictionary from cvss version to cvss details object + :vartype cvss: dict[str, ~azure.mgmt.security.models.CVSS] + :ivar patchable: Indicates whether a patch is available or not + :vartype patchable: bool + :ivar cve: List of CVEs + :vartype cve: list[~azure.mgmt.security.models.CVE] + :ivar published_time: Published time + :vartype published_time: datetime + :ivar vendor_references: + :vartype vendor_references: + list[~azure.mgmt.security.models.VendorReference] + :ivar repository_name: Name of the repository which the vulnerable image + belongs to + :vartype repository_name: str + :ivar image_digest: Digest of the vulnerable image + :vartype image_digest: str + """ + + _validation = { + 'assessed_resource_type': {'required': True}, + 'type': {'readonly': True}, + 'cvss': {'readonly': True}, + 'patchable': {'readonly': True}, + 'cve': {'readonly': True}, + 'published_time': {'readonly': True}, + 'vendor_references': {'readonly': True}, + 'repository_name': {'readonly': True}, + 'image_digest': {'readonly': True}, + } + + _attribute_map = { + 'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'cvss': {'key': 'cvss', 'type': '{CVSS}'}, + 'patchable': {'key': 'patchable', 'type': 'bool'}, + 'cve': {'key': 'cve', 'type': '[CVE]'}, + 'published_time': {'key': 'publishedTime', 'type': 'iso-8601'}, + 'vendor_references': {'key': 'vendorReferences', 'type': '[VendorReference]'}, + 'repository_name': {'key': 'repositoryName', 'type': 'str'}, + 'image_digest': {'key': 'imageDigest', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(ContainerRegistryVulnerabilityProperties, self).__init__(**kwargs) + self.type = None + self.cvss = None + self.patchable = None + self.cve = None + self.published_time = None + self.vendor_references = None + self.repository_name = None + self.image_digest = None + self.assessed_resource_type = 'ContainerRegistryVulnerability' + + +class CVE(Model): + """CVE details. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar title: CVE title + :vartype title: str + :ivar link: Link url + :vartype link: str + """ + + _validation = { + 'title': {'readonly': True}, + 'link': {'readonly': True}, + } + + _attribute_map = { + 'title': {'key': 'title', 'type': 'str'}, + 'link': {'key': 'link', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(CVE, self).__init__(**kwargs) + self.title = None + self.link = None + + +class CVSS(Model): + """CVSS details. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar base: CVSS base + :vartype base: float + """ + + _validation = { + 'base': {'readonly': True}, + } + + _attribute_map = { + 'base': {'key': 'base', 'type': 'float'}, + } + + def __init__(self, **kwargs) -> None: + super(CVSS, self).__init__(**kwargs) + self.base = None + + +class SettingResource(Resource): + """The kind of the security setting. + + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: Setting + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str :ivar type: Resource type :vartype type: str - :param kind: Required. the kind of the settings string - (DataExportSetting). Possible values include: 'DataExportSetting', - 'AlertSuppressionSetting' - :type kind: str or ~azure.mgmt.security.models.SettingKind + :param kind: Required. Constant filled by server. + :type kind: str """ _validation = { @@ -1168,14 +2483,22 @@ class SettingResource(Resource): 'kind': {'key': 'kind', 'type': 'str'}, } - def __init__(self, *, kind, **kwargs) -> None: + _subtype_map = { + 'kind': {'Setting': 'Setting'} + } + + def __init__(self, **kwargs) -> None: super(SettingResource, self).__init__(**kwargs) - self.kind = kind + self.kind = None + self.kind = 'SettingResource' class Setting(SettingResource): """Represents a security setting in Azure Security Center. + You probably want to use the sub-classes and not this class directly. Known + sub-classes are: DataExportSettings + Variables are only populated by the server, and will be ignored when sending a request. @@ -1187,10 +2510,8 @@ class Setting(SettingResource): :vartype name: str :ivar type: Resource type :vartype type: str - :param kind: Required. the kind of the settings string - (DataExportSetting). Possible values include: 'DataExportSetting', - 'AlertSuppressionSetting' - :type kind: str or ~azure.mgmt.security.models.SettingKind + :param kind: Required. Constant filled by server. + :type kind: str """ _validation = { @@ -1207,11 +2528,16 @@ class Setting(SettingResource): 'kind': {'key': 'kind', 'type': 'str'}, } - def __init__(self, *, kind, **kwargs) -> None: - super(Setting, self).__init__(kind=kind, **kwargs) + _subtype_map = { + 'kind': {'DataExportSettings': 'DataExportSettings'} + } + + def __init__(self, **kwargs) -> None: + super(Setting, self).__init__(**kwargs) + self.kind = 'Setting' -class DataExportSetting(Setting): +class DataExportSettings(Setting): """Represents a data export setting. Variables are only populated by the server, and will be ignored when @@ -1225,10 +2551,8 @@ class DataExportSetting(Setting): :vartype name: str :ivar type: Resource type :vartype type: str - :param kind: Required. the kind of the settings string - (DataExportSetting). Possible values include: 'DataExportSetting', - 'AlertSuppressionSetting' - :type kind: str or ~azure.mgmt.security.models.SettingKind + :param kind: Required. Constant filled by server. + :type kind: str :param enabled: Required. Is the data export setting is enabled :type enabled: bool """ @@ -1249,9 +2573,158 @@ class DataExportSetting(Setting): 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, } - def __init__(self, *, kind, enabled: bool, **kwargs) -> None: - super(DataExportSetting, self).__init__(kind=kind, **kwargs) + def __init__(self, *, enabled: bool, **kwargs) -> None: + super(DataExportSettings, self).__init__(**kwargs) self.enabled = enabled + self.kind = 'DataExportSettings' + + +class DenylistCustomAlertRule(ListCustomAlertRule): + """A custom alert rule that checks if a value (depends on the custom alert + type) is denied. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :ivar value_type: The value type of the items in the list. Possible values + include: 'IpCidr', 'String' + :vartype value_type: str or ~azure.mgmt.security.models.ValueType + :param denylist_values: Required. The values to deny. The format of the + values depends on the rule type. + :type denylist_values: list[str] + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'value_type': {'readonly': True}, + 'denylist_values': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'value_type': {'key': 'valueType', 'type': 'str'}, + 'denylist_values': {'key': 'denylistValues', 'type': '[str]'}, + } + + def __init__(self, *, is_enabled: bool, denylist_values, **kwargs) -> None: + super(DenylistCustomAlertRule, self).__init__(is_enabled=is_enabled, **kwargs) + self.denylist_values = denylist_values + self.rule_type = 'DenylistCustomAlertRule' + + +class DeviceSecurityGroup(Resource): + """The device security group resource. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :param threshold_rules: The list of custom alert threshold rules. + :type threshold_rules: + list[~azure.mgmt.security.models.ThresholdCustomAlertRule] + :param time_window_rules: The list of custom alert time-window rules. + :type time_window_rules: + list[~azure.mgmt.security.models.TimeWindowCustomAlertRule] + :param allowlist_rules: The allow-list custom alert rules. + :type allowlist_rules: + list[~azure.mgmt.security.models.AllowlistCustomAlertRule] + :param denylist_rules: The deny-list custom alert rules. + :type denylist_rules: + list[~azure.mgmt.security.models.DenylistCustomAlertRule] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'threshold_rules': {'key': 'properties.thresholdRules', 'type': '[ThresholdCustomAlertRule]'}, + 'time_window_rules': {'key': 'properties.timeWindowRules', 'type': '[TimeWindowCustomAlertRule]'}, + 'allowlist_rules': {'key': 'properties.allowlistRules', 'type': '[AllowlistCustomAlertRule]'}, + 'denylist_rules': {'key': 'properties.denylistRules', 'type': '[DenylistCustomAlertRule]'}, + } + + def __init__(self, *, threshold_rules=None, time_window_rules=None, allowlist_rules=None, denylist_rules=None, **kwargs) -> None: + super(DeviceSecurityGroup, self).__init__(**kwargs) + self.threshold_rules = threshold_rules + self.time_window_rules = time_window_rules + self.allowlist_rules = allowlist_rules + self.denylist_rules = denylist_rules + + +class DirectMethodInvokesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of direct method invokes is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(DirectMethodInvokesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs) + self.rule_type = 'DirectMethodInvokesNotInAllowedRange' class DiscoveredSecuritySolution(Model): @@ -1315,6 +2788,45 @@ def __init__(self, *, security_family, offer: str, publisher: str, sku: str, **k self.sku = sku +class EffectiveNetworkSecurityGroups(Model): + """Describes the Network Security Groups effective on a network interface. + + :param network_interface: The Azure resource ID of the network interface + :type network_interface: str + :param network_security_groups: The Network Security Groups effective on + the network interface + :type network_security_groups: list[str] + """ + + _attribute_map = { + 'network_interface': {'key': 'networkInterface', 'type': 'str'}, + 'network_security_groups': {'key': 'networkSecurityGroups', 'type': '[str]'}, + } + + def __init__(self, *, network_interface: str=None, network_security_groups=None, **kwargs) -> None: + super(EffectiveNetworkSecurityGroups, self).__init__(**kwargs) + self.network_interface = network_interface + self.network_security_groups = network_security_groups + + +class ETag(Model): + """Entity tag is used for comparing two or more entities from the same + requested resource. + + :param etag: Entity tag is used for comparing two or more entities from + the same requested resource. + :type etag: str + """ + + _attribute_map = { + 'etag': {'key': 'etag', 'type': 'str'}, + } + + def __init__(self, *, etag: str=None, **kwargs) -> None: + super(ETag, self).__init__(**kwargs) + self.etag = etag + + class ExternalSecuritySolutionKind1(Model): """Describes an Azure resource with kind. @@ -1333,87 +2845,340 @@ def __init__(self, *, kind=None, **kwargs) -> None: self.kind = kind -class InformationProtectionKeyword(Model): - """The information type keyword. +class FailedLocalLoginsNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of failed local logins is not in allowed range. - :param pattern: The keyword pattern. - :type pattern: str - :param custom: Indicates whether the keyword is custom or not. - :type custom: bool - :param can_be_numeric: Indicates whether the keyword can be applied on - numeric types or not. - :type can_be_numeric: bool - :param excluded: Indicates whether the keyword is excluded or not. - :type excluded: bool + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta """ + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + _attribute_map = { - 'pattern': {'key': 'pattern', 'type': 'str'}, - 'custom': {'key': 'custom', 'type': 'bool'}, - 'can_be_numeric': {'key': 'canBeNumeric', 'type': 'bool'}, - 'excluded': {'key': 'excluded', 'type': 'bool'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, } - def __init__(self, *, pattern: str=None, custom: bool=None, can_be_numeric: bool=None, excluded: bool=None, **kwargs) -> None: - super(InformationProtectionKeyword, self).__init__(**kwargs) - self.pattern = pattern - self.custom = custom - self.can_be_numeric = can_be_numeric - self.excluded = excluded + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(FailedLocalLoginsNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs) + self.rule_type = 'FailedLocalLoginsNotInAllowedRange' -class InformationProtectionPolicy(Resource): - """Information protection policy. +class FileUploadsNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of file uploads is not in allowed range. Variables are only populated by the server, and will be ignored when sending a request. - :ivar id: Resource Id - :vartype id: str - :ivar name: Resource name - :vartype name: str - :ivar type: Resource type - :vartype type: str - :ivar last_modified_utc: Describes the last UTC time the policy was - modified. - :vartype last_modified_utc: datetime - :param labels: Dictionary of sensitivity labels. - :type labels: dict[str, ~azure.mgmt.security.models.SensitivityLabel] - :param information_types: The sensitivity information types. - :type information_types: dict[str, - ~azure.mgmt.security.models.InformationType] + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'last_modified_utc': {'readonly': True}, + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, - 'labels': {'key': 'properties.labels', 'type': '{SensitivityLabel}'}, - 'information_types': {'key': 'properties.informationTypes', 'type': '{InformationType}'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, } - def __init__(self, *, labels=None, information_types=None, **kwargs) -> None: - super(InformationProtectionPolicy, self).__init__(**kwargs) - self.last_modified_utc = None - self.labels = labels - self.information_types = information_types + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(FileUploadsNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs) + self.rule_type = 'FileUploadsNotInAllowedRange' -class InformationType(Model): - """The information type. +class HttpC2DMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of cloud to device messages (HTTP protocol) is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(HttpC2DMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs) + self.rule_type = 'HttpC2DMessagesNotInAllowedRange' + + +class HttpC2DRejectedMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of rejected cloud to device messages (HTTP protocol) is not in + allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(HttpC2DRejectedMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs) + self.rule_type = 'HttpC2DRejectedMessagesNotInAllowedRange' + + +class HttpD2CMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of device to cloud messages (HTTP protocol) is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(HttpD2CMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs) + self.rule_type = 'HttpD2CMessagesNotInAllowedRange' + + +class InformationProtectionKeyword(Model): + """The information type keyword. + + :param pattern: The keyword pattern. + :type pattern: str + :param custom: Indicates whether the keyword is custom or not. + :type custom: bool + :param can_be_numeric: Indicates whether the keyword can be applied on + numeric types or not. + :type can_be_numeric: bool + :param excluded: Indicates whether the keyword is excluded or not. + :type excluded: bool + """ + + _attribute_map = { + 'pattern': {'key': 'pattern', 'type': 'str'}, + 'custom': {'key': 'custom', 'type': 'bool'}, + 'can_be_numeric': {'key': 'canBeNumeric', 'type': 'bool'}, + 'excluded': {'key': 'excluded', 'type': 'bool'}, + } + + def __init__(self, *, pattern: str=None, custom: bool=None, can_be_numeric: bool=None, excluded: bool=None, **kwargs) -> None: + super(InformationProtectionKeyword, self).__init__(**kwargs) + self.pattern = pattern + self.custom = custom + self.can_be_numeric = can_be_numeric + self.excluded = excluded + + +class InformationProtectionPolicy(Resource): + """Information protection policy. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar last_modified_utc: Describes the last UTC time the policy was + modified. + :vartype last_modified_utc: datetime + :ivar version: Describes the version of the policy. + :vartype version: str + :param labels: Dictionary of sensitivity labels. + :type labels: dict[str, ~azure.mgmt.security.models.SensitivityLabel] + :param information_types: The sensitivity information types. + :type information_types: dict[str, + ~azure.mgmt.security.models.InformationType] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'last_modified_utc': {'readonly': True}, + 'version': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + 'version': {'key': 'properties.version', 'type': 'str'}, + 'labels': {'key': 'properties.labels', 'type': '{SensitivityLabel}'}, + 'information_types': {'key': 'properties.informationTypes', 'type': '{InformationType}'}, + } + + def __init__(self, *, labels=None, information_types=None, **kwargs) -> None: + super(InformationProtectionPolicy, self).__init__(**kwargs) + self.last_modified_utc = None + self.version = None + self.labels = labels + self.information_types = information_types + + +class InformationType(Model): + """The information type. :param display_name: The name of the information type. :type display_name: str + :param description: The description of the information type. + :type description: str :param order: The order of the information type. - :type order: float + :type order: int :param recommended_label_id: The recommended label id to be associated with this information type. :type recommended_label_id: str @@ -1428,16 +3193,18 @@ class InformationType(Model): _attribute_map = { 'display_name': {'key': 'displayName', 'type': 'str'}, - 'order': {'key': 'order', 'type': 'float'}, + 'description': {'key': 'description', 'type': 'str'}, + 'order': {'key': 'order', 'type': 'int'}, 'recommended_label_id': {'key': 'recommendedLabelId', 'type': 'str'}, 'enabled': {'key': 'enabled', 'type': 'bool'}, 'custom': {'key': 'custom', 'type': 'bool'}, 'keywords': {'key': 'keywords', 'type': '[InformationProtectionKeyword]'}, } - def __init__(self, *, display_name: str=None, order: float=None, recommended_label_id: str=None, enabled: bool=None, custom: bool=None, keywords=None, **kwargs) -> None: + def __init__(self, *, display_name: str=None, description: str=None, order: int=None, recommended_label_id: str=None, enabled: bool=None, custom: bool=None, keywords=None, **kwargs) -> None: super(InformationType, self).__init__(**kwargs) self.display_name = display_name + self.description = description self.order = order self.recommended_label_id = recommended_label_id self.enabled = enabled @@ -1459,36 +3226,39 @@ class IoTSecurityAggregatedAlert(Model): :vartype type: str :param tags: Resource tags :type tags: dict[str, str] - :ivar alert_type: Name of the alert type + :ivar alert_type: Name of the alert type. :vartype alert_type: str - :ivar alert_display_name: Display name of the alert type + :ivar alert_display_name: Display name of the alert type. :vartype alert_display_name: str - :ivar aggregated_date_utc: The date the incidents were detected by the - vendor + :ivar aggregated_date_utc: Date of detection. :vartype aggregated_date_utc: date - :ivar vendor_name: Name of the vendor that discovered the incident + :ivar vendor_name: Name of the organization that raised the alert. :vartype vendor_name: str - :ivar reported_severity: Estimated severity of this alert. Possible values - include: 'Informational', 'Low', 'Medium', 'High' + :ivar reported_severity: Assessed alert severity. Possible values include: + 'Informational', 'Low', 'Medium', 'High' :vartype reported_severity: str or ~azure.mgmt.security.models.ReportedSeverity - :ivar remediation_steps: Recommended steps for remediation + :ivar remediation_steps: Recommended steps for remediation. :vartype remediation_steps: str - :ivar description: Description of the incident and what it means + :ivar description: Description of the suspected vulnerability and meaning. :vartype description: str - :ivar count: Occurrence number of the alert within the aggregated date + :ivar count: Number of alerts occurrences within the aggregated time + window. :vartype count: int - :ivar effected_resource_type: Azure resource ID of the resource that got - the alerts + :ivar effected_resource_type: Azure resource ID of the resource that + received the alerts. :vartype effected_resource_type: str - :ivar system_source: The type of the alerted resource (Azure, Non-Azure) + :ivar system_source: The type of the alerted resource (Azure, Non-Azure). :vartype system_source: str - :ivar action_taken: The action that was taken as a response to the alert - (Active, Blocked etc.) + :ivar action_taken: IoT Security solution alert response. :vartype action_taken: str - :ivar log_analytics_query: query in log analytics to get the list of - affected devices/alerts + :ivar log_analytics_query: Log analytics query for getting the list of + affected devices/alerts. :vartype log_analytics_query: str + :ivar top_devices_list: 10 devices with the highest number of occurrences + of this alert type, on this day. + :vartype top_devices_list: + list[~azure.mgmt.security.models.IoTSecurityAggregatedAlertPropertiesTopDevicesListItem] """ _validation = { @@ -1507,6 +3277,7 @@ class IoTSecurityAggregatedAlert(Model): 'system_source': {'readonly': True}, 'action_taken': {'readonly': True}, 'log_analytics_query': {'readonly': True}, + 'top_devices_list': {'readonly': True}, } _attribute_map = { @@ -1526,6 +3297,7 @@ class IoTSecurityAggregatedAlert(Model): 'system_source': {'key': 'properties.systemSource', 'type': 'str'}, 'action_taken': {'key': 'properties.actionTaken', 'type': 'str'}, 'log_analytics_query': {'key': 'properties.logAnalyticsQuery', 'type': 'str'}, + 'top_devices_list': {'key': 'properties.topDevicesList', 'type': '[IoTSecurityAggregatedAlertPropertiesTopDevicesListItem]'}, } def __init__(self, *, tags=None, **kwargs) -> None: @@ -1546,10 +3318,45 @@ def __init__(self, *, tags=None, **kwargs) -> None: self.system_source = None self.action_taken = None self.log_analytics_query = None + self.top_devices_list = None + + +class IoTSecurityAggregatedAlertPropertiesTopDevicesListItem(Model): + """IoTSecurityAggregatedAlertPropertiesTopDevicesListItem. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar device_id: Name of the device. + :vartype device_id: str + :ivar alerts_count: Number of alerts raised for this device. + :vartype alerts_count: int + :ivar last_occurrence: Most recent time this alert was raised for this + device, on this day. + :vartype last_occurrence: str + """ + + _validation = { + 'device_id': {'readonly': True}, + 'alerts_count': {'readonly': True}, + 'last_occurrence': {'readonly': True}, + } + + _attribute_map = { + 'device_id': {'key': 'deviceId', 'type': 'str'}, + 'alerts_count': {'key': 'alertsCount', 'type': 'int'}, + 'last_occurrence': {'key': 'lastOccurrence', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(IoTSecurityAggregatedAlertPropertiesTopDevicesListItem, self).__init__(**kwargs) + self.device_id = None + self.alerts_count = None + self.last_occurrence = None class IoTSecurityAggregatedRecommendation(Model): - """Security Solution Recommendation Information. + """IoT Security solution recommendation information. Variables are only populated by the server, and will be ignored when sending a request. @@ -1562,31 +3369,31 @@ class IoTSecurityAggregatedRecommendation(Model): :vartype type: str :param tags: Resource tags :type tags: dict[str, str] - :param recommendation_name: Name of the recommendation + :param recommendation_name: Name of the recommendation. :type recommendation_name: str :ivar recommendation_display_name: Display name of the recommendation type. :vartype recommendation_display_name: str - :ivar description: Description of the incident and what it means + :ivar description: Description of the suspected vulnerability and meaning. :vartype description: str - :ivar recommendation_type_id: The recommendation-type GUID. + :ivar recommendation_type_id: Recommendation-type GUID. :vartype recommendation_type_id: str - :ivar detected_by: Name of the vendor that discovered the issue + :ivar detected_by: Name of the organization that made the recommendation. :vartype detected_by: str :ivar remediation_steps: Recommended steps for remediation :vartype remediation_steps: str - :ivar reported_severity: Estimated severity of this recommendation. - Possible values include: 'Informational', 'Low', 'Medium', 'High' + :ivar reported_severity: Assessed recommendation severity. Possible values + include: 'Informational', 'Low', 'Medium', 'High' :vartype reported_severity: str or ~azure.mgmt.security.models.ReportedSeverity - :ivar healthy_devices: the number of the healthy devices within the - solution + :ivar healthy_devices: Number of healthy devices within the IoT Security + solution. :vartype healthy_devices: int - :ivar unhealthy_device_count: the number of the unhealthy devices within - the solution + :ivar unhealthy_device_count: Number of unhealthy devices within the IoT + Security solution. :vartype unhealthy_device_count: int - :ivar log_analytics_query: query in log analytics to get the list of - affected devices/alerts + :ivar log_analytics_query: Log analytics query for getting the list of + affected devices/alerts. :vartype log_analytics_query: str """ @@ -1641,15 +3448,15 @@ def __init__(self, *, tags=None, recommendation_name: str=None, **kwargs) -> Non class IoTSecurityAlertedDevice(Model): - """Statistic information about the number of alerts per device during the last - period. + """Statistical information about the number of alerts per device during last + set number of days. Variables are only populated by the server, and will be ignored when sending a request. - :ivar device_id: Name of the alert type + :ivar device_id: Device identifier. :vartype device_id: str - :ivar alerts_count: the number of alerts raised for this device + :ivar alerts_count: Number of alerts raised for this device. :vartype alerts_count: int """ @@ -1669,42 +3476,20 @@ def __init__(self, **kwargs) -> None: self.alerts_count = None -class IoTSecurityAlertedDevicesList(Model): - """List of devices with the count of raised alerts. - - All required parameters must be populated in order to send to Azure. - - :param value: Required. List of aggregated alerts data - :type value: list[~azure.mgmt.security.models.IoTSecurityAlertedDevice] - """ - - _validation = { - 'value': {'required': True}, - } - - _attribute_map = { - 'value': {'key': 'value', 'type': '[IoTSecurityAlertedDevice]'}, - } - - def __init__(self, *, value, **kwargs) -> None: - super(IoTSecurityAlertedDevicesList, self).__init__(**kwargs) - self.value = value - - class IoTSecurityDeviceAlert(Model): - """Statistic information about the number of alerts per alert type during the - last period. + """Statistical information about the number of alerts per alert type during + last set number of days. Variables are only populated by the server, and will be ignored when sending a request. :ivar alert_display_name: Display name of the alert :vartype alert_display_name: str - :ivar reported_severity: Estimated severity of this alert. Possible values - include: 'Informational', 'Low', 'Medium', 'High' + :ivar reported_severity: Assessed Alert severity. Possible values include: + 'Informational', 'Low', 'Medium', 'High' :vartype reported_severity: str or ~azure.mgmt.security.models.ReportedSeverity - :ivar alerts_count: the number of alerts raised for this alert type + :ivar alerts_count: Number of alerts raised for this alert type. :vartype alerts_count: int """ @@ -1727,50 +3512,20 @@ def __init__(self, **kwargs) -> None: self.alerts_count = None -class IoTSecurityDeviceAlertsList(Model): - """List of alerts with the count of raised alerts. - - Variables are only populated by the server, and will be ignored when - sending a request. - - All required parameters must be populated in order to send to Azure. - - :param value: Required. List of top alerts data - :type value: list[~azure.mgmt.security.models.IoTSecurityDeviceAlert] - :ivar next_link: The URI to fetch the next page. - :vartype next_link: str - """ - - _validation = { - 'value': {'required': True}, - 'next_link': {'readonly': True}, - } - - _attribute_map = { - 'value': {'key': 'value', 'type': '[IoTSecurityDeviceAlert]'}, - 'next_link': {'key': 'nextLink', 'type': 'str'}, - } - - def __init__(self, *, value, **kwargs) -> None: - super(IoTSecurityDeviceAlertsList, self).__init__(**kwargs) - self.value = value - self.next_link = None - - class IoTSecurityDeviceRecommendation(Model): - """Statistic information about the number of recommendations per + """Statistical information about the number of recommendations per device, per recommendation type. Variables are only populated by the server, and will be ignored when sending a request. - :ivar recommendation_display_name: Display name of the recommendation + :ivar recommendation_display_name: Display name of the recommendation. :vartype recommendation_display_name: str - :ivar reported_severity: Estimated severity of this recommendation. - Possible values include: 'Informational', 'Low', 'Medium', 'High' + :ivar reported_severity: Assessed recommendation severity. Possible values + include: 'Informational', 'Low', 'Medium', 'High' :vartype reported_severity: str or ~azure.mgmt.security.models.ReportedSeverity - :ivar devices_count: the number of device with this recommendation + :ivar devices_count: Number of devices with this recommendation. :vartype devices_count: int """ @@ -1793,31 +3548,8 @@ def __init__(self, **kwargs) -> None: self.devices_count = None -class IoTSecurityDeviceRecommendationsList(Model): - """List of recommendations with the count of devices. - - All required parameters must be populated in order to send to Azure. - - :param value: Required. List of aggregated recommendation data - :type value: - list[~azure.mgmt.security.models.IoTSecurityDeviceRecommendation] - """ - - _validation = { - 'value': {'required': True}, - } - - _attribute_map = { - 'value': {'key': 'value', 'type': '[IoTSecurityDeviceRecommendation]'}, - } - - def __init__(self, *, value, **kwargs) -> None: - super(IoTSecurityDeviceRecommendationsList, self).__init__(**kwargs) - self.value = value - - class IoTSecuritySolutionAnalyticsModel(Resource): - """Security Analytics of a security solution. + """Security analytics of your IoT Security solution. Variables are only populated by the server, and will be ignored when sending a request. @@ -1828,24 +3560,25 @@ class IoTSecuritySolutionAnalyticsModel(Resource): :vartype name: str :ivar type: Resource type :vartype type: str - :ivar metrics: Security Analytics of a security solution + :ivar metrics: Security analytics of your IoT Security solution. :vartype metrics: ~azure.mgmt.security.models.IoTSeverityMetrics - :ivar unhealthy_device_count: number of unhealthy devices + :ivar unhealthy_device_count: Number of unhealthy devices within your IoT + Security solution. :vartype unhealthy_device_count: int - :ivar devices_metrics: The list of devices metrics by the aggregated date. + :ivar devices_metrics: List of device metrics by the aggregation date. :vartype devices_metrics: list[~azure.mgmt.security.models.IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem] - :param top_alerted_devices: The list of top 3 devices with the most - attacked. + :param top_alerted_devices: List of the 3 devices with the most alerts. :type top_alerted_devices: - ~azure.mgmt.security.models.IoTSecurityAlertedDevicesList - :param most_prevalent_device_alerts: The list of most prevalent 3 alerts. + list[~azure.mgmt.security.models.IoTSecurityAlertedDevice] + :param most_prevalent_device_alerts: List of the 3 most prevalent device + alerts. :type most_prevalent_device_alerts: - ~azure.mgmt.security.models.IoTSecurityDeviceAlertsList - :param most_prevalent_device_recommendations: The list of most prevalent 3 - recommendations. + list[~azure.mgmt.security.models.IoTSecurityDeviceAlert] + :param most_prevalent_device_recommendations: List of the 3 most prevalent + device recommendations. :type most_prevalent_device_recommendations: - ~azure.mgmt.security.models.IoTSecurityDeviceRecommendationsList + list[~azure.mgmt.security.models.IoTSecurityDeviceRecommendation] """ _validation = { @@ -1864,9 +3597,9 @@ class IoTSecuritySolutionAnalyticsModel(Resource): 'metrics': {'key': 'properties.metrics', 'type': 'IoTSeverityMetrics'}, 'unhealthy_device_count': {'key': 'properties.unhealthyDeviceCount', 'type': 'int'}, 'devices_metrics': {'key': 'properties.devicesMetrics', 'type': '[IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem]'}, - 'top_alerted_devices': {'key': 'properties.topAlertedDevices', 'type': 'IoTSecurityAlertedDevicesList'}, - 'most_prevalent_device_alerts': {'key': 'properties.mostPrevalentDeviceAlerts', 'type': 'IoTSecurityDeviceAlertsList'}, - 'most_prevalent_device_recommendations': {'key': 'properties.mostPrevalentDeviceRecommendations', 'type': 'IoTSecurityDeviceRecommendationsList'}, + 'top_alerted_devices': {'key': 'properties.topAlertedDevices', 'type': '[IoTSecurityAlertedDevice]'}, + 'most_prevalent_device_alerts': {'key': 'properties.mostPrevalentDeviceAlerts', 'type': '[IoTSecurityDeviceAlert]'}, + 'most_prevalent_device_recommendations': {'key': 'properties.mostPrevalentDeviceRecommendations', 'type': '[IoTSecurityDeviceRecommendation]'}, } def __init__(self, *, top_alerted_devices=None, most_prevalent_device_alerts=None, most_prevalent_device_recommendations=None, **kwargs) -> None: @@ -1880,17 +3613,19 @@ def __init__(self, *, top_alerted_devices=None, most_prevalent_device_alerts=Non class IoTSecuritySolutionAnalyticsModelList(Model): - """List of Security Analytics of a security solution. + """List of Security analytics of your IoT Security solution. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :param value: Required. List of Security Analytics of a security solution + :param value: Required. List of Security analytics of your IoT Security + solution :type value: list[~azure.mgmt.security.models.IoTSecuritySolutionAnalyticsModel] - :ivar next_link: The URI to fetch the next page. + :ivar next_link: When there is too much alert data for one page, use this + URI to fetch the next page. :vartype next_link: str """ @@ -1913,9 +3648,10 @@ def __init__(self, *, value, **kwargs) -> None: class IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem(Model): """IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem. - :param date_property: the date of the metrics + :param date_property: Aggregation of IoT Security solution device alert + metrics by date. :type date_property: datetime - :param devices_metrics: devices alerts count by severity. + :param devices_metrics: Device alert count by severity. :type devices_metrics: ~azure.mgmt.security.models.IoTSeverityMetrics """ @@ -1931,7 +3667,7 @@ def __init__(self, *, date_property=None, devices_metrics=None, **kwargs) -> Non class IoTSecuritySolutionModel(Model): - """Security Solution. + """IoT Security solution configuration and resource information. Variables are only populated by the server, and will be ignored when sending a request. @@ -1948,14 +3684,14 @@ class IoTSecuritySolutionModel(Model): :type tags: dict[str, str] :param location: The resource location. :type location: str - :param workspace: Required. Workspace resource ID + :param workspace: Workspace resource ID :type workspace: str :param display_name: Required. Resource display name. :type display_name: str - :param status: Security solution status. Possible values include: - 'Enabled', 'Disabled'. Default value: "Enabled" . + :param status: Status of the IoT Security solution. Possible values + include: 'Enabled', 'Disabled'. Default value: "Enabled" . :type status: str or ~azure.mgmt.security.models.SecuritySolutionStatus - :param export: List of additional export to workspace data options + :param export: List of additional options for exporting to workspace data. :type export: list[str or ~azure.mgmt.security.models.ExportData] :param disabled_data_sources: Disabled data sources. Disabling these data sources compromises the system. @@ -1972,13 +3708,17 @@ class IoTSecuritySolutionModel(Model): :param recommendations_configuration: :type recommendations_configuration: list[~azure.mgmt.security.models.RecommendationConfigurationProperties] + :param unmasked_ip_logging_status: Unmasked IP address logging status. + Possible values include: 'Disabled', 'Enabled'. Default value: "Disabled" + . + :type unmasked_ip_logging_status: str or + ~azure.mgmt.security.models.UnmaskedIpLoggingStatus """ _validation = { 'id': {'readonly': True}, 'name': {'readonly': True}, 'type': {'readonly': True}, - 'workspace': {'required': True}, 'display_name': {'required': True}, 'iot_hubs': {'required': True}, 'auto_discovered_resources': {'readonly': True}, @@ -1999,9 +3739,10 @@ class IoTSecuritySolutionModel(Model): 'user_defined_resources': {'key': 'properties.userDefinedResources', 'type': 'UserDefinedResourcesProperties'}, 'auto_discovered_resources': {'key': 'properties.autoDiscoveredResources', 'type': '[str]'}, 'recommendations_configuration': {'key': 'properties.recommendationsConfiguration', 'type': '[RecommendationConfigurationProperties]'}, + 'unmasked_ip_logging_status': {'key': 'properties.unmaskedIpLoggingStatus', 'type': 'str'}, } - def __init__(self, *, workspace: str, display_name: str, iot_hubs, tags=None, location: str=None, status="Enabled", export=None, disabled_data_sources=None, user_defined_resources=None, recommendations_configuration=None, **kwargs) -> None: + def __init__(self, *, display_name: str, iot_hubs, tags=None, location: str=None, workspace: str=None, status="Enabled", export=None, disabled_data_sources=None, user_defined_resources=None, recommendations_configuration=None, unmasked_ip_logging_status="Disabled", **kwargs) -> None: super(IoTSecuritySolutionModel, self).__init__(**kwargs) self.id = None self.name = None @@ -2017,16 +3758,17 @@ def __init__(self, *, workspace: str, display_name: str, iot_hubs, tags=None, lo self.user_defined_resources = user_defined_resources self.auto_discovered_resources = None self.recommendations_configuration = recommendations_configuration + self.unmasked_ip_logging_status = unmasked_ip_logging_status class IoTSeverityMetrics(Model): - """Severity metrics. + """IoT Security solution analytics severity metrics. - :param high: count of high severity items + :param high: Count of high severity alerts/recommendations. :type high: int - :param medium: count of medium severity items + :param medium: Count of medium severity alerts/recommendations. :type medium: int - :param low: count of low severity items + :param low: Count of low severity alerts/recommendations. :type low: int """ @@ -2146,6 +3888,8 @@ class JitNetworkAccessPolicyInitiateRequest(Model): open access for :type virtual_machines: list[~azure.mgmt.security.models.JitNetworkAccessPolicyInitiateVirtualMachine] + :param justification: The justification for making the initiate request + :type justification: str """ _validation = { @@ -2154,11 +3898,13 @@ class JitNetworkAccessPolicyInitiateRequest(Model): _attribute_map = { 'virtual_machines': {'key': 'virtualMachines', 'type': '[JitNetworkAccessPolicyInitiateVirtualMachine]'}, + 'justification': {'key': 'justification', 'type': 'str'}, } - def __init__(self, *, virtual_machines, **kwargs) -> None: + def __init__(self, *, virtual_machines, justification: str=None, **kwargs) -> None: super(JitNetworkAccessPolicyInitiateRequest, self).__init__(**kwargs) self.virtual_machines = virtual_machines + self.justification = justification class JitNetworkAccessPolicyInitiateVirtualMachine(Model): @@ -2281,6 +4027,8 @@ class JitNetworkAccessRequest(Model): :param requestor: Required. The identity of the person who made the request :type requestor: str + :param justification: The justification for making the initiate request + :type justification: str """ _validation = { @@ -2293,13 +4041,15 @@ class JitNetworkAccessRequest(Model): 'virtual_machines': {'key': 'virtualMachines', 'type': '[JitNetworkAccessRequestVirtualMachine]'}, 'start_time_utc': {'key': 'startTimeUtc', 'type': 'iso-8601'}, 'requestor': {'key': 'requestor', 'type': 'str'}, + 'justification': {'key': 'justification', 'type': 'str'}, } - def __init__(self, *, virtual_machines, start_time_utc, requestor: str, **kwargs) -> None: + def __init__(self, *, virtual_machines, start_time_utc, requestor: str, justification: str=None, **kwargs) -> None: super(JitNetworkAccessRequest, self).__init__(**kwargs) self.virtual_machines = virtual_machines self.start_time_utc = start_time_utc self.requestor = requestor + self.justification = justification class JitNetworkAccessRequestPort(Model): @@ -2403,31 +4153,271 @@ def __init__(self, *, kind: str=None, **kwargs) -> None: self.kind = kind -class Location(Model): - """Describes an Azure resource with location. +class LocalUserNotAllowed(AllowlistCustomAlertRule): + """Login by a local user that isn't allowed. Allow list consists of login + names to allow. Variables are only populated by the server, and will be ignored when sending a request. - :ivar location: Location where the resource is stored - :vartype location: str + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :ivar value_type: The value type of the items in the list. Possible values + include: 'IpCidr', 'String' + :vartype value_type: str or ~azure.mgmt.security.models.ValueType + :param allowlist_values: Required. The values to allow. The format of the + values depends on the rule type. + :type allowlist_values: list[str] """ _validation = { - 'location': {'readonly': True}, + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'value_type': {'readonly': True}, + 'allowlist_values': {'required': True}, } _attribute_map = { - 'location': {'key': 'location', 'type': 'str'}, + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'value_type': {'key': 'valueType', 'type': 'str'}, + 'allowlist_values': {'key': 'allowlistValues', 'type': '[str]'}, } - def __init__(self, **kwargs) -> None: - super(Location, self).__init__(**kwargs) - self.location = None + def __init__(self, *, is_enabled: bool, allowlist_values, **kwargs) -> None: + super(LocalUserNotAllowed, self).__init__(is_enabled=is_enabled, allowlist_values=allowlist_values, **kwargs) + self.rule_type = 'LocalUserNotAllowed' -class Operation(Model): - """Possible operation in the REST API of Microsoft.Security. +class Location(Model): + """Describes an Azure resource with location. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar location: Location where the resource is stored + :vartype location: str + """ + + _validation = { + 'location': {'readonly': True}, + } + + _attribute_map = { + 'location': {'key': 'location', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(Location, self).__init__(**kwargs) + self.location = None + + +class MqttC2DMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of cloud to device messages (MQTT protocol) is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(MqttC2DMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs) + self.rule_type = 'MqttC2DMessagesNotInAllowedRange' + + +class MqttC2DRejectedMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of rejected cloud to device messages (MQTT protocol) is not in + allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(MqttC2DRejectedMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs) + self.rule_type = 'MqttC2DRejectedMessagesNotInAllowedRange' + + +class MqttD2CMessagesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of device to cloud messages (MQTT protocol) is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(MqttD2CMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs) + self.rule_type = 'MqttD2CMessagesNotInAllowedRange' + + +class OnPremiseResourceDetails(ResourceDetails): + """Details of the On Premise resource that was assessed. + + All required parameters must be populated in order to send to Azure. + + :param source: Required. Constant filled by server. + :type source: str + :param workspace_id: Required. Azure resource Id of the workspace the + machine is attached to + :type workspace_id: str + :param vmuuid: Required. The unique Id of the machine + :type vmuuid: str + :param source_computer_id: Required. The oms agent Id installed on the + machine + :type source_computer_id: str + :param machine_name: Required. The name of the machine + :type machine_name: str + """ + + _validation = { + 'source': {'required': True}, + 'workspace_id': {'required': True}, + 'vmuuid': {'required': True}, + 'source_computer_id': {'required': True}, + 'machine_name': {'required': True}, + } + + _attribute_map = { + 'source': {'key': 'source', 'type': 'str'}, + 'workspace_id': {'key': 'workspaceId', 'type': 'str'}, + 'vmuuid': {'key': 'vmuuid', 'type': 'str'}, + 'source_computer_id': {'key': 'sourceComputerId', 'type': 'str'}, + 'machine_name': {'key': 'machineName', 'type': 'str'}, + } + + def __init__(self, *, workspace_id: str, vmuuid: str, source_computer_id: str, machine_name: str, **kwargs) -> None: + super(OnPremiseResourceDetails, self).__init__(**kwargs) + self.workspace_id = workspace_id + self.vmuuid = vmuuid + self.source_computer_id = source_computer_id + self.machine_name = machine_name + self.source = 'OnPremise' + + +class Operation(Model): + """Possible operation in the REST API of Microsoft.Security. Variables are only populated by the server, and will be ignored when sending a request. @@ -2549,7 +4539,10 @@ def __init__(self, *, path: str=None, action=None, type=None, publisher_info=Non class Pricing(Resource): - """Pricing tier will be applied for the scope based on the resource ID. + """Azure Security Center is provided in two pricing tiers: free and standard, + with the standard tier available with a trial period. The standard tier + offers advanced security capabilities, while the free tier offers basic + security features. Variables are only populated by the server, and will be ignored when sending a request. @@ -2617,6 +4610,83 @@ def __init__(self, *, value, **kwargs) -> None: self.value = value +class ProcessNotAllowed(AllowlistCustomAlertRule): + """Execution of a process that isn't allowed. Allow list consists of process + names to allow. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :ivar value_type: The value type of the items in the list. Possible values + include: 'IpCidr', 'String' + :vartype value_type: str or ~azure.mgmt.security.models.ValueType + :param allowlist_values: Required. The values to allow. The format of the + values depends on the rule type. + :type allowlist_values: list[str] + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'value_type': {'readonly': True}, + 'allowlist_values': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'value_type': {'key': 'valueType', 'type': 'str'}, + 'allowlist_values': {'key': 'allowlistValues', 'type': '[str]'}, + } + + def __init__(self, *, is_enabled: bool, allowlist_values, **kwargs) -> None: + super(ProcessNotAllowed, self).__init__(is_enabled=is_enabled, allowlist_values=allowlist_values, **kwargs) + self.rule_type = 'ProcessNotAllowed' + + +class ProtectionMode(Model): + """The protection mode of the collection/file types. Exe/Msi/Script are used + for Windows, Executable is used for Linux. + + :param exe: Possible values include: 'Audit', 'Enforce', 'None' + :type exe: str or ~azure.mgmt.security.models.enum + :param msi: Possible values include: 'Audit', 'Enforce', 'None' + :type msi: str or ~azure.mgmt.security.models.enum + :param script: Possible values include: 'Audit', 'Enforce', 'None' + :type script: str or ~azure.mgmt.security.models.enum + :param executable: Possible values include: 'Audit', 'Enforce', 'None' + :type executable: str or ~azure.mgmt.security.models.enum + """ + + _attribute_map = { + 'exe': {'key': 'exe', 'type': 'str'}, + 'msi': {'key': 'msi', 'type': 'str'}, + 'script': {'key': 'script', 'type': 'str'}, + 'executable': {'key': 'executable', 'type': 'str'}, + } + + def __init__(self, *, exe=None, msi=None, script=None, executable=None, **kwargs) -> None: + super(ProtectionMode, self).__init__(**kwargs) + self.exe = exe + self.msi = msi + self.script = script + self.executable = executable + + class PublisherInfo(Model): """Represents the publisher information of a process/rule. @@ -2650,16 +4720,65 @@ def __init__(self, *, publisher_name: str=None, product_name: str=None, binary_n self.version = version +class QueuePurgesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of device queue purges is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(QueuePurgesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs) + self.rule_type = 'QueuePurgesNotInAllowedRange' + + class RecommendationConfigurationProperties(Model): - """Recommendation configuration. + """The type of IoT Security recommendation. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :param recommendation_type: Required. The recommendation type. Possible - values include: 'IoT_ACRAuthentication', + :param recommendation_type: Required. The type of IoT Security + recommendation. Possible values include: 'IoT_ACRAuthentication', 'IoT_AgentSendsUnutilizedMessages', 'IoT_Baseline', 'IoT_EdgeHubMemOptimize', 'IoT_EdgeLoggingOptions', 'IoT_InconsistentModuleSettings', 'IoT_InstallAgent', @@ -2671,9 +4790,9 @@ class RecommendationConfigurationProperties(Model): ~azure.mgmt.security.models.RecommendationType :ivar name: :vartype name: str - :param status: Required. Recommendation status. The recommendation is not - generated when the status is disabled. Possible values include: - 'Disabled', 'Enabled'. Default value: "Enabled" . + :param status: Required. Recommendation status. When the recommendation + status is disabled recommendations are not generated. Possible values + include: 'Disabled', 'Enabled'. Default value: "Enabled" . :type status: str or ~azure.mgmt.security.models.RecommendationConfigStatus """ @@ -2814,83 +4933,664 @@ class RegulatoryComplianceControl(Resource): } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'description': {'key': 'properties.description', 'type': 'str'}, - 'state': {'key': 'properties.state', 'type': 'str'}, - 'passed_assessments': {'key': 'properties.passedAssessments', 'type': 'int'}, - 'failed_assessments': {'key': 'properties.failedAssessments', 'type': 'int'}, - 'skipped_assessments': {'key': 'properties.skippedAssessments', 'type': 'int'}, + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'str'}, + 'passed_assessments': {'key': 'properties.passedAssessments', 'type': 'int'}, + 'failed_assessments': {'key': 'properties.failedAssessments', 'type': 'int'}, + 'skipped_assessments': {'key': 'properties.skippedAssessments', 'type': 'int'}, + } + + def __init__(self, *, state=None, **kwargs) -> None: + super(RegulatoryComplianceControl, self).__init__(**kwargs) + self.description = None + self.state = state + self.passed_assessments = None + self.failed_assessments = None + self.skipped_assessments = None + + +class RegulatoryComplianceStandard(Resource): + """Regulatory compliance standard details and state. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :param state: Aggregative state based on the standard's supported controls + states. Possible values include: 'Passed', 'Failed', 'Skipped', + 'Unsupported' + :type state: str or ~azure.mgmt.security.models.State + :ivar passed_controls: The number of supported regulatory compliance + controls of the given standard with a passed state + :vartype passed_controls: int + :ivar failed_controls: The number of supported regulatory compliance + controls of the given standard with a failed state + :vartype failed_controls: int + :ivar skipped_controls: The number of supported regulatory compliance + controls of the given standard with a skipped state + :vartype skipped_controls: int + :ivar unsupported_controls: The number of regulatory compliance controls + of the given standard which are unsupported by automated assessments + :vartype unsupported_controls: int + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'passed_controls': {'readonly': True}, + 'failed_controls': {'readonly': True}, + 'skipped_controls': {'readonly': True}, + 'unsupported_controls': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'state': {'key': 'properties.state', 'type': 'str'}, + 'passed_controls': {'key': 'properties.passedControls', 'type': 'int'}, + 'failed_controls': {'key': 'properties.failedControls', 'type': 'int'}, + 'skipped_controls': {'key': 'properties.skippedControls', 'type': 'int'}, + 'unsupported_controls': {'key': 'properties.unsupportedControls', 'type': 'int'}, + } + + def __init__(self, *, state=None, **kwargs) -> None: + super(RegulatoryComplianceStandard, self).__init__(**kwargs) + self.state = state + self.passed_controls = None + self.failed_controls = None + self.skipped_controls = None + self.unsupported_controls = None + + +class Rule(Model): + """Describes remote addresses that is recommended to communicate with the + Azure resource on some (Protocol, Port, Direction). All other remote + addresses are recommended to be blocked. + + :param name: The name of the rule + :type name: str + :param direction: The rule's direction. Possible values include: + 'Inbound', 'Outbound' + :type direction: str or ~azure.mgmt.security.models.Direction + :param destination_port: The rule's destination port + :type destination_port: int + :param protocols: The rule's transport protocols + :type protocols: list[str or + ~azure.mgmt.security.models.TransportProtocol] + :param ip_addresses: The remote IP addresses that should be able to + communicate with the Azure resource on the rule's destination port and + protocol + :type ip_addresses: list[str] + """ + + _attribute_map = { + 'name': {'key': 'name', 'type': 'str'}, + 'direction': {'key': 'direction', 'type': 'str'}, + 'destination_port': {'key': 'destinationPort', 'type': 'int'}, + 'protocols': {'key': 'protocols', 'type': '[str]'}, + 'ip_addresses': {'key': 'ipAddresses', 'type': '[str]'}, + } + + def __init__(self, *, name: str=None, direction=None, destination_port: int=None, protocols=None, ip_addresses=None, **kwargs) -> None: + super(Rule, self).__init__(**kwargs) + self.name = name + self.direction = direction + self.destination_port = destination_port + self.protocols = protocols + self.ip_addresses = ip_addresses + + +class ScopeElement(Model): + """A more specific scope used to identify the alerts to suppress. + + :param additional_properties: Unmatched properties from the message are + deserialized this collection + :type additional_properties: dict[str, object] + :param field: The alert entity type to suppress by. + :type field: str + """ + + _attribute_map = { + 'additional_properties': {'key': '', 'type': '{object}'}, + 'field': {'key': 'field', 'type': 'str'}, + } + + def __init__(self, *, additional_properties=None, field: str=None, **kwargs) -> None: + super(ScopeElement, self).__init__(**kwargs) + self.additional_properties = additional_properties + self.field = field + + +class SecureScoreControlDefinitionItem(Resource): + """Information about the security control. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar display_name: User friendly display name of the control + :vartype display_name: str + :ivar description: User friendly description of the control + :vartype description: str + :ivar max_score: Maximum control score (0..10) + :vartype max_score: int + :ivar source: Source object from which the control was created + :vartype source: + ~azure.mgmt.security.models.SecureScoreControlDefinitionSource + :ivar assessment_definitions: Array of assessments metadata IDs that are + included in this security control + :vartype assessment_definitions: + list[~azure.mgmt.security.models.AzureResourceLink] + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'display_name': {'readonly': True}, + 'description': {'readonly': True, 'max_length': 256}, + 'max_score': {'readonly': True, 'maximum': 10, 'minimum': 0}, + 'source': {'readonly': True}, + 'assessment_definitions': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'max_score': {'key': 'properties.maxScore', 'type': 'int'}, + 'source': {'key': 'properties.source', 'type': 'SecureScoreControlDefinitionSource'}, + 'assessment_definitions': {'key': 'properties.assessmentDefinitions', 'type': '[AzureResourceLink]'}, + } + + def __init__(self, **kwargs) -> None: + super(SecureScoreControlDefinitionItem, self).__init__(**kwargs) + self.display_name = None + self.description = None + self.max_score = None + self.source = None + self.assessment_definitions = None + + +class SecureScoreControlDefinitionSource(Model): + """The type of the security control (For example, BuiltIn). + + :param source_type: The type of security control (for example, BuiltIn). + Possible values include: 'BuiltIn', 'Custom' + :type source_type: str or ~azure.mgmt.security.models.ControlType + """ + + _attribute_map = { + 'source_type': {'key': 'sourceType', 'type': 'str'}, + } + + def __init__(self, *, source_type=None, **kwargs) -> None: + super(SecureScoreControlDefinitionSource, self).__init__(**kwargs) + self.source_type = source_type + + +class SecureScoreControlDetails(Resource): + """Details of the security control, its score, and the health status of the + relevant resources. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar display_name: User friendly display name of the control + :vartype display_name: str + :ivar max: Maximum score available + :vartype max: int + :ivar current: Current score + :vartype current: float + :ivar healthy_resource_count: Number of healthy resources in the control + :vartype healthy_resource_count: int + :ivar unhealthy_resource_count: Number of unhealthy resources in the + control + :vartype unhealthy_resource_count: int + :ivar not_applicable_resource_count: Number of not applicable resources in + the control + :vartype not_applicable_resource_count: int + :param definition: + :type definition: + ~azure.mgmt.security.models.SecureScoreControlDefinitionItem + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'display_name': {'readonly': True}, + 'max': {'readonly': True, 'minimum': 0}, + 'current': {'readonly': True, 'minimum': 0}, + 'healthy_resource_count': {'readonly': True}, + 'unhealthy_resource_count': {'readonly': True}, + 'not_applicable_resource_count': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'max': {'key': 'properties.score.max', 'type': 'int'}, + 'current': {'key': 'properties.score.current', 'type': 'float'}, + 'healthy_resource_count': {'key': 'properties.healthyResourceCount', 'type': 'int'}, + 'unhealthy_resource_count': {'key': 'properties.unhealthyResourceCount', 'type': 'int'}, + 'not_applicable_resource_count': {'key': 'properties.notApplicableResourceCount', 'type': 'int'}, + 'definition': {'key': 'properties.definition', 'type': 'SecureScoreControlDefinitionItem'}, + } + + def __init__(self, *, definition=None, **kwargs) -> None: + super(SecureScoreControlDetails, self).__init__(**kwargs) + self.display_name = None + self.max = None + self.current = None + self.healthy_resource_count = None + self.unhealthy_resource_count = None + self.not_applicable_resource_count = None + self.definition = definition + + +class SecureScoreControlScore(Model): + """Calculation result data. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar max: Maximum control score (0..10) + :vartype max: int + :ivar current: Actual score for the control = (achieved points / total + points) * max score. if total points is zeroed, the return number is 0.00 + :vartype current: float + """ + + _validation = { + 'max': {'readonly': True, 'maximum': 10, 'minimum': 0}, + 'current': {'readonly': True, 'maximum': 10, 'minimum': 0}, + } + + _attribute_map = { + 'max': {'key': 'max', 'type': 'int'}, + 'current': {'key': 'current', 'type': 'float'}, + } + + def __init__(self, **kwargs) -> None: + super(SecureScoreControlScore, self).__init__(**kwargs) + self.max = None + self.current = None + + +class SecureScoreItem(Resource): + """Secure score item data model. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar display_name: The initiative’s name + :vartype display_name: str + :ivar max: Maximum score available + :vartype max: int + :ivar current: Current score + :vartype current: float + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'display_name': {'readonly': True}, + 'max': {'readonly': True, 'minimum': 0}, + 'current': {'readonly': True, 'minimum': 0}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'max': {'key': 'properties.score.max', 'type': 'int'}, + 'current': {'key': 'properties.score.current', 'type': 'float'}, + } + + def __init__(self, **kwargs) -> None: + super(SecureScoreItem, self).__init__(**kwargs) + self.display_name = None + self.max = None + self.current = None + + +class SecurityAssessment(Resource): + """Security assessment on a resource. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :param resource_details: Required. + :type resource_details: ~azure.mgmt.security.models.ResourceDetails + :ivar display_name: User friendly display name of the assessment + :vartype display_name: str + :param status: Required. + :type status: ~azure.mgmt.security.models.AssessmentStatus + :param additional_data: Additional data regarding the assessment + :type additional_data: dict[str, str] + :param links: + :type links: ~azure.mgmt.security.models.AssessmentLinks + :param metadata: + :type metadata: + ~azure.mgmt.security.models.SecurityAssessmentMetadataProperties + :param partners_data: + :type partners_data: + ~azure.mgmt.security.models.SecurityAssessmentPartnerData + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'resource_details': {'required': True}, + 'display_name': {'readonly': True}, + 'status': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'resource_details': {'key': 'properties.resourceDetails', 'type': 'ResourceDetails'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'status': {'key': 'properties.status', 'type': 'AssessmentStatus'}, + 'additional_data': {'key': 'properties.additionalData', 'type': '{str}'}, + 'links': {'key': 'properties.links', 'type': 'AssessmentLinks'}, + 'metadata': {'key': 'properties.metadata', 'type': 'SecurityAssessmentMetadataProperties'}, + 'partners_data': {'key': 'properties.partnersData', 'type': 'SecurityAssessmentPartnerData'}, + } + + def __init__(self, *, resource_details, status, additional_data=None, links=None, metadata=None, partners_data=None, **kwargs) -> None: + super(SecurityAssessment, self).__init__(**kwargs) + self.resource_details = resource_details + self.display_name = None + self.status = status + self.additional_data = additional_data + self.links = links + self.metadata = metadata + self.partners_data = partners_data + + +class SecurityAssessmentMetadata(Resource): + """Security assessment metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :param display_name: Required. User friendly display name of the + assessment + :type display_name: str + :ivar policy_definition_id: Azure resource ID of the policy definition + that turns this assessment calculation on + :vartype policy_definition_id: str + :param description: Human readable description of the assessment + :type description: str + :param remediation_description: Human readable description of what you + should do to mitigate this security issue + :type remediation_description: str + :param category: + :type category: list[str or ~azure.mgmt.security.models.Category] + :param severity: Required. The severity level of the assessment. Possible + values include: 'Low', 'Medium', 'High' + :type severity: str or ~azure.mgmt.security.models.Severity + :param user_impact: The user impact of the assessment. Possible values + include: 'Low', 'Moderate', 'High' + :type user_impact: str or ~azure.mgmt.security.models.UserImpact + :param implementation_effort: The implementation effort required to + remediate this assessment. Possible values include: 'Low', 'Moderate', + 'High' + :type implementation_effort: str or + ~azure.mgmt.security.models.ImplementationEffort + :param threats: + :type threats: list[str or ~azure.mgmt.security.models.Threats] + :param preview: True if this assessment is in preview release status + :type preview: bool + :param assessment_type: Required. BuiltIn if the assessment based on + built-in Azure Policy definition, Custom if the assessment based on custom + Azure Policy definition. Possible values include: 'BuiltIn', + 'CustomPolicy', 'CustomerManaged', 'VerifiedPartner' + :type assessment_type: str or ~azure.mgmt.security.models.AssessmentType + :param partner_data: + :type partner_data: + ~azure.mgmt.security.models.SecurityAssessmentMetadataPartnerData + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'display_name': {'required': True}, + 'policy_definition_id': {'readonly': True}, + 'severity': {'required': True}, + 'assessment_type': {'required': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'policy_definition_id': {'key': 'properties.policyDefinitionId', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'remediation_description': {'key': 'properties.remediationDescription', 'type': 'str'}, + 'category': {'key': 'properties.category', 'type': '[str]'}, + 'severity': {'key': 'properties.severity', 'type': 'str'}, + 'user_impact': {'key': 'properties.userImpact', 'type': 'str'}, + 'implementation_effort': {'key': 'properties.implementationEffort', 'type': 'str'}, + 'threats': {'key': 'properties.threats', 'type': '[str]'}, + 'preview': {'key': 'properties.preview', 'type': 'bool'}, + 'assessment_type': {'key': 'properties.assessmentType', 'type': 'str'}, + 'partner_data': {'key': 'properties.partnerData', 'type': 'SecurityAssessmentMetadataPartnerData'}, + } + + def __init__(self, *, display_name: str, severity, assessment_type, description: str=None, remediation_description: str=None, category=None, user_impact=None, implementation_effort=None, threats=None, preview: bool=None, partner_data=None, **kwargs) -> None: + super(SecurityAssessmentMetadata, self).__init__(**kwargs) + self.display_name = display_name + self.policy_definition_id = None + self.description = description + self.remediation_description = remediation_description + self.category = category + self.severity = severity + self.user_impact = user_impact + self.implementation_effort = implementation_effort + self.threats = threats + self.preview = preview + self.assessment_type = assessment_type + self.partner_data = partner_data + + +class SecurityAssessmentMetadataPartnerData(Model): + """Describes the partner that created the assessment. + + All required parameters must be populated in order to send to Azure. + + :param partner_name: Required. Name of the company of the partner + :type partner_name: str + :param product_name: Name of the product of the partner that created the + assessment + :type product_name: str + :param secret: Required. Secret to authenticate the partner and verify it + created the assessment - write only + :type secret: str + """ + + _validation = { + 'partner_name': {'required': True}, + 'secret': {'required': True}, + } + + _attribute_map = { + 'partner_name': {'key': 'partnerName', 'type': 'str'}, + 'product_name': {'key': 'productName', 'type': 'str'}, + 'secret': {'key': 'secret', 'type': 'str'}, + } + + def __init__(self, *, partner_name: str, secret: str, product_name: str=None, **kwargs) -> None: + super(SecurityAssessmentMetadataPartnerData, self).__init__(**kwargs) + self.partner_name = partner_name + self.product_name = product_name + self.secret = secret + + +class SecurityAssessmentMetadataProperties(Model): + """Describes properties of an assessment metadata. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param display_name: Required. User friendly display name of the + assessment + :type display_name: str + :ivar policy_definition_id: Azure resource ID of the policy definition + that turns this assessment calculation on + :vartype policy_definition_id: str + :param description: Human readable description of the assessment + :type description: str + :param remediation_description: Human readable description of what you + should do to mitigate this security issue + :type remediation_description: str + :param category: + :type category: list[str or ~azure.mgmt.security.models.Category] + :param severity: Required. The severity level of the assessment. Possible + values include: 'Low', 'Medium', 'High' + :type severity: str or ~azure.mgmt.security.models.Severity + :param user_impact: The user impact of the assessment. Possible values + include: 'Low', 'Moderate', 'High' + :type user_impact: str or ~azure.mgmt.security.models.UserImpact + :param implementation_effort: The implementation effort required to + remediate this assessment. Possible values include: 'Low', 'Moderate', + 'High' + :type implementation_effort: str or + ~azure.mgmt.security.models.ImplementationEffort + :param threats: + :type threats: list[str or ~azure.mgmt.security.models.Threats] + :param preview: True if this assessment is in preview release status + :type preview: bool + :param assessment_type: Required. BuiltIn if the assessment based on + built-in Azure Policy definition, Custom if the assessment based on custom + Azure Policy definition. Possible values include: 'BuiltIn', + 'CustomPolicy', 'CustomerManaged', 'VerifiedPartner' + :type assessment_type: str or ~azure.mgmt.security.models.AssessmentType + :param partner_data: + :type partner_data: + ~azure.mgmt.security.models.SecurityAssessmentMetadataPartnerData + """ + + _validation = { + 'display_name': {'required': True}, + 'policy_definition_id': {'readonly': True}, + 'severity': {'required': True}, + 'assessment_type': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'policy_definition_id': {'key': 'policyDefinitionId', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'remediation_description': {'key': 'remediationDescription', 'type': 'str'}, + 'category': {'key': 'category', 'type': '[str]'}, + 'severity': {'key': 'severity', 'type': 'str'}, + 'user_impact': {'key': 'userImpact', 'type': 'str'}, + 'implementation_effort': {'key': 'implementationEffort', 'type': 'str'}, + 'threats': {'key': 'threats', 'type': '[str]'}, + 'preview': {'key': 'preview', 'type': 'bool'}, + 'assessment_type': {'key': 'assessmentType', 'type': 'str'}, + 'partner_data': {'key': 'partnerData', 'type': 'SecurityAssessmentMetadataPartnerData'}, } - def __init__(self, *, state=None, **kwargs) -> None: - super(RegulatoryComplianceControl, self).__init__(**kwargs) - self.description = None - self.state = state - self.passed_assessments = None - self.failed_assessments = None - self.skipped_assessments = None - - -class RegulatoryComplianceStandard(Resource): - """Regulatory compliance standard details and state. + def __init__(self, *, display_name: str, severity, assessment_type, description: str=None, remediation_description: str=None, category=None, user_impact=None, implementation_effort=None, threats=None, preview: bool=None, partner_data=None, **kwargs) -> None: + super(SecurityAssessmentMetadataProperties, self).__init__(**kwargs) + self.display_name = display_name + self.policy_definition_id = None + self.description = description + self.remediation_description = remediation_description + self.category = category + self.severity = severity + self.user_impact = user_impact + self.implementation_effort = implementation_effort + self.threats = threats + self.preview = preview + self.assessment_type = assessment_type + self.partner_data = partner_data + + +class SecurityAssessmentPartnerData(Model): + """Data regarding 3rd party partner integration. - Variables are only populated by the server, and will be ignored when - sending a request. + All required parameters must be populated in order to send to Azure. - :ivar id: Resource Id - :vartype id: str - :ivar name: Resource name - :vartype name: str - :ivar type: Resource type - :vartype type: str - :param state: Aggregative state based on the standard's supported controls - states. Possible values include: 'Passed', 'Failed', 'Skipped', - 'Unsupported' - :type state: str or ~azure.mgmt.security.models.State - :ivar passed_controls: The number of supported regulatory compliance - controls of the given standard with a passed state - :vartype passed_controls: int - :ivar failed_controls: The number of supported regulatory compliance - controls of the given standard with a failed state - :vartype failed_controls: int - :ivar skipped_controls: The number of supported regulatory compliance - controls of the given standard with a skipped state - :vartype skipped_controls: int - :ivar unsupported_controls: The number of regulatory compliance controls - of the given standard which are unsupported by automated assessments - :vartype unsupported_controls: int + :param partner_name: Required. Name of the company of the partner + :type partner_name: str + :param secret: Required. secret to authenticate the partner - write only + :type secret: str """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'passed_controls': {'readonly': True}, - 'failed_controls': {'readonly': True}, - 'skipped_controls': {'readonly': True}, - 'unsupported_controls': {'readonly': True}, + 'partner_name': {'required': True}, + 'secret': {'required': True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'state': {'key': 'properties.state', 'type': 'str'}, - 'passed_controls': {'key': 'properties.passedControls', 'type': 'int'}, - 'failed_controls': {'key': 'properties.failedControls', 'type': 'int'}, - 'skipped_controls': {'key': 'properties.skippedControls', 'type': 'int'}, - 'unsupported_controls': {'key': 'properties.unsupportedControls', 'type': 'int'}, + 'partner_name': {'key': 'partnerName', 'type': 'str'}, + 'secret': {'key': 'secret', 'type': 'str'}, } - def __init__(self, *, state=None, **kwargs) -> None: - super(RegulatoryComplianceStandard, self).__init__(**kwargs) - self.state = state - self.passed_controls = None - self.failed_controls = None - self.skipped_controls = None - self.unsupported_controls = None + def __init__(self, *, partner_name: str, secret: str, **kwargs) -> None: + super(SecurityAssessmentPartnerData, self).__init__(**kwargs) + self.partner_name = partner_name + self.secret = secret class SecurityContact(Resource): @@ -2948,6 +5648,83 @@ def __init__(self, *, email: str, alert_notifications, alerts_to_admins, phone: self.alerts_to_admins = alerts_to_admins +class SecuritySubAssessment(Resource): + """Security sub-assessment on a resource. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar id: Resource Id + :vartype id: str + :ivar name: Resource name + :vartype name: str + :ivar type: Resource type + :vartype type: str + :ivar security_sub_assessment_id: Vulnerability ID + :vartype security_sub_assessment_id: str + :ivar display_name: User friendly display name of the sub-assessment + :vartype display_name: str + :param status: + :type status: ~azure.mgmt.security.models.SubAssessmentStatus + :ivar remediation: Information on how to remediate this sub-assessment + :vartype remediation: str + :ivar impact: Description of the impact of this sub-assessment + :vartype impact: str + :ivar category: Category of the sub-assessment + :vartype category: str + :ivar description: Human readable description of the assessment status + :vartype description: str + :ivar time_generated: The date and time the sub-assessment was generated + :vartype time_generated: datetime + :param resource_details: + :type resource_details: ~azure.mgmt.security.models.ResourceDetails + :param additional_data: + :type additional_data: ~azure.mgmt.security.models.AdditionalData + """ + + _validation = { + 'id': {'readonly': True}, + 'name': {'readonly': True}, + 'type': {'readonly': True}, + 'security_sub_assessment_id': {'readonly': True}, + 'display_name': {'readonly': True}, + 'remediation': {'readonly': True}, + 'impact': {'readonly': True}, + 'category': {'readonly': True}, + 'description': {'readonly': True}, + 'time_generated': {'readonly': True}, + } + + _attribute_map = { + 'id': {'key': 'id', 'type': 'str'}, + 'name': {'key': 'name', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'security_sub_assessment_id': {'key': 'properties.id', 'type': 'str'}, + 'display_name': {'key': 'properties.displayName', 'type': 'str'}, + 'status': {'key': 'properties.status', 'type': 'SubAssessmentStatus'}, + 'remediation': {'key': 'properties.remediation', 'type': 'str'}, + 'impact': {'key': 'properties.impact', 'type': 'str'}, + 'category': {'key': 'properties.category', 'type': 'str'}, + 'description': {'key': 'properties.description', 'type': 'str'}, + 'time_generated': {'key': 'properties.timeGenerated', 'type': 'iso-8601'}, + 'resource_details': {'key': 'properties.resourceDetails', 'type': 'ResourceDetails'}, + 'additional_data': {'key': 'properties.additionalData', 'type': 'AdditionalData'}, + } + + def __init__(self, *, status=None, resource_details=None, additional_data=None, **kwargs) -> None: + super(SecuritySubAssessment, self).__init__(**kwargs) + self.security_sub_assessment_id = None + self.display_name = None + self.status = status + self.remediation = None + self.impact = None + self.category = None + self.description = None + self.time_generated = None + self.resource_details = resource_details + self.additional_data = additional_data + + class SecurityTask(Resource): """Security task that we recommend to do in order to strengthen security. @@ -3038,21 +5815,30 @@ class SensitivityLabel(Model): :param display_name: The name of the sensitivity label. :type display_name: str + :param description: The description of the sensitivity label. + :type description: str + :param rank: The rank of the sensitivity label. Possible values include: + 'None', 'Low', 'Medium', 'High', 'Critical' + :type rank: str or ~azure.mgmt.security.models.Rank :param order: The order of the sensitivity label. - :type order: float + :type order: int :param enabled: Indicates whether the label is enabled or not. :type enabled: bool """ _attribute_map = { 'display_name': {'key': 'displayName', 'type': 'str'}, - 'order': {'key': 'order', 'type': 'float'}, + 'description': {'key': 'description', 'type': 'str'}, + 'rank': {'key': 'rank', 'type': 'Rank'}, + 'order': {'key': 'order', 'type': 'int'}, 'enabled': {'key': 'enabled', 'type': 'bool'}, } - def __init__(self, *, display_name: str=None, order: float=None, enabled: bool=None, **kwargs) -> None: + def __init__(self, *, display_name: str=None, description: str=None, rank=None, order: int=None, enabled: bool=None, **kwargs) -> None: super(SensitivityLabel, self).__init__(**kwargs) self.display_name = display_name + self.description = description + self.rank = rank self.order = order self.enabled = enabled @@ -3111,6 +5897,184 @@ def __init__(self, *, value=None, **kwargs) -> None: self.value = value +class ServerVulnerabilityProperties(AdditionalData): + """Additional context fields for server vulnerability assessment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param assessed_resource_type: Required. Constant filled by server. + :type assessed_resource_type: str + :ivar type: Vulnerability Type. e.g: Vulnerability, Potential + Vulnerability, Information Gathered + :vartype type: str + :ivar cvss: Dictionary from cvss version to cvss details object + :vartype cvss: dict[str, ~azure.mgmt.security.models.CVSS] + :ivar patchable: Indicates whether a patch is available or not + :vartype patchable: bool + :ivar cve: List of CVEs + :vartype cve: list[~azure.mgmt.security.models.CVE] + :ivar threat: Threat name + :vartype threat: str + :ivar published_time: Published time + :vartype published_time: datetime + :ivar vendor_references: + :vartype vendor_references: + list[~azure.mgmt.security.models.VendorReference] + """ + + _validation = { + 'assessed_resource_type': {'required': True}, + 'type': {'readonly': True}, + 'cvss': {'readonly': True}, + 'patchable': {'readonly': True}, + 'cve': {'readonly': True}, + 'threat': {'readonly': True}, + 'published_time': {'readonly': True}, + 'vendor_references': {'readonly': True}, + } + + _attribute_map = { + 'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'cvss': {'key': 'cvss', 'type': '{CVSS}'}, + 'patchable': {'key': 'patchable', 'type': 'bool'}, + 'cve': {'key': 'cve', 'type': '[CVE]'}, + 'threat': {'key': 'threat', 'type': 'str'}, + 'published_time': {'key': 'publishedTime', 'type': 'iso-8601'}, + 'vendor_references': {'key': 'vendorReferences', 'type': '[VendorReference]'}, + } + + def __init__(self, **kwargs) -> None: + super(ServerVulnerabilityProperties, self).__init__(**kwargs) + self.type = None + self.cvss = None + self.patchable = None + self.cve = None + self.threat = None + self.published_time = None + self.vendor_references = None + self.assessed_resource_type = 'ServerVulnerabilityAssessment' + + +class SqlServerVulnerabilityProperties(AdditionalData): + """Details of the resource that was assessed. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :param assessed_resource_type: Required. Constant filled by server. + :type assessed_resource_type: str + :ivar type: The resource type the sub assessment refers to in its resource + details + :vartype type: str + :ivar query: The T-SQL query that runs on your SQL database to perform the + particular check + :vartype query: str + """ + + _validation = { + 'assessed_resource_type': {'required': True}, + 'type': {'readonly': True}, + 'query': {'readonly': True}, + } + + _attribute_map = { + 'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'}, + 'type': {'key': 'type', 'type': 'str'}, + 'query': {'key': 'query', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(SqlServerVulnerabilityProperties, self).__init__(**kwargs) + self.type = None + self.query = None + self.assessed_resource_type = 'SqlServerVulnerability' + + +class SubAssessmentStatus(Model): + """Status of the sub-assessment. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar code: Programmatic code for the status of the assessment. Possible + values include: 'Healthy', 'Unhealthy', 'NotApplicable' + :vartype code: str or ~azure.mgmt.security.models.SubAssessmentStatusCode + :ivar cause: Programmatic code for the cause of the assessment status + :vartype cause: str + :ivar description: Human readable description of the assessment status + :vartype description: str + :ivar severity: The sub-assessment severity level. Possible values + include: 'Low', 'Medium', 'High' + :vartype severity: str or ~azure.mgmt.security.models.Severity + """ + + _validation = { + 'code': {'readonly': True}, + 'cause': {'readonly': True}, + 'description': {'readonly': True}, + 'severity': {'readonly': True}, + } + + _attribute_map = { + 'code': {'key': 'code', 'type': 'str'}, + 'cause': {'key': 'cause', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'severity': {'key': 'severity', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(SubAssessmentStatus, self).__init__(**kwargs) + self.code = None + self.cause = None + self.description = None + self.severity = None + + +class SuppressionAlertsScope(Model): + """SuppressionAlertsScope. + + All required parameters must be populated in order to send to Azure. + + :param all_of: Required. All the conditions inside need to be true in + order to suppress the alert + :type all_of: list[~azure.mgmt.security.models.ScopeElement] + """ + + _validation = { + 'all_of': {'required': True}, + } + + _attribute_map = { + 'all_of': {'key': 'allOf', 'type': '[ScopeElement]'}, + } + + def __init__(self, *, all_of, **kwargs) -> None: + super(SuppressionAlertsScope, self).__init__(**kwargs) + self.all_of = all_of + + +class Tags(Model): + """A list of key value pairs that describe the resource. + + :param tags: A list of key value pairs that describe the resource. + :type tags: dict[str, str] + """ + + _attribute_map = { + 'tags': {'key': 'tags', 'type': '{str}'}, + } + + def __init__(self, *, tags=None, **kwargs) -> None: + super(Tags, self).__init__(**kwargs) + self.tags = tags + + class TagsResource(Model): """A container holding only the Tags for a resource, allowing the user to update the tags. @@ -3291,6 +6255,104 @@ def __init__(self, **kwargs) -> None: self.resource_id = None +class TwinUpdatesNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of twin updates is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(TwinUpdatesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs) + self.rule_type = 'TwinUpdatesNotInAllowedRange' + + +class UnauthorizedOperationsNotInAllowedRange(TimeWindowCustomAlertRule): + """Number of unauthorized operations is not in allowed range. + + Variables are only populated by the server, and will be ignored when + sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_name: The display name of the custom alert. + :vartype display_name: str + :ivar description: The description of the custom alert. + :vartype description: str + :param is_enabled: Required. Status of the custom alert. + :type is_enabled: bool + :param rule_type: Required. Constant filled by server. + :type rule_type: str + :param min_threshold: Required. The minimum threshold. + :type min_threshold: int + :param max_threshold: Required. The maximum threshold. + :type max_threshold: int + :param time_window_size: Required. The time window size in iso8601 format. + :type time_window_size: timedelta + """ + + _validation = { + 'display_name': {'readonly': True}, + 'description': {'readonly': True}, + 'is_enabled': {'required': True}, + 'rule_type': {'required': True}, + 'min_threshold': {'required': True}, + 'max_threshold': {'required': True}, + 'time_window_size': {'required': True}, + } + + _attribute_map = { + 'display_name': {'key': 'displayName', 'type': 'str'}, + 'description': {'key': 'description', 'type': 'str'}, + 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, + 'rule_type': {'key': 'ruleType', 'type': 'str'}, + 'min_threshold': {'key': 'minThreshold', 'type': 'int'}, + 'max_threshold': {'key': 'maxThreshold', 'type': 'int'}, + 'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'}, + } + + def __init__(self, *, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs) -> None: + super(UnauthorizedOperationsNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs) + self.rule_type = 'UnauthorizedOperationsNotInAllowedRange' + + class UpdateIotSecuritySolutionData(TagsResource): """UpdateIotSecuritySolutionData. @@ -3306,8 +6368,8 @@ class UpdateIotSecuritySolutionData(TagsResource): _attribute_map = { 'tags': {'key': 'tags', 'type': '{str}'}, - 'user_defined_resources': {'key': 'userDefinedResources', 'type': 'UserDefinedResourcesProperties'}, - 'recommendations_configuration': {'key': 'recommendationsConfiguration', 'type': '[RecommendationConfigurationProperties]'}, + 'user_defined_resources': {'key': 'properties.userDefinedResources', 'type': 'UserDefinedResourcesProperties'}, + 'recommendations_configuration': {'key': 'properties.recommendationsConfiguration', 'type': '[RecommendationConfigurationProperties]'}, } def __init__(self, *, tags=None, user_defined_resources=None, recommendations_configuration=None, **kwargs) -> None: @@ -3317,7 +6379,7 @@ def __init__(self, *, tags=None, user_defined_resources=None, recommendations_co class UserDefinedResourcesProperties(Model): - """Properties of the solution's user defined resources. + """Properties of the IoT Security solution's user defined resources. All required parameters must be populated in order to send to Azure. @@ -3368,6 +6430,34 @@ def __init__(self, *, username: str=None, recommendation_action=None, **kwargs) self.recommendation_action = recommendation_action +class VendorReference(Model): + """Vendor reference. + + Variables are only populated by the server, and will be ignored when + sending a request. + + :ivar title: Link title + :vartype title: str + :ivar link: Link url + :vartype link: str + """ + + _validation = { + 'title': {'readonly': True}, + 'link': {'readonly': True}, + } + + _attribute_map = { + 'title': {'key': 'title', 'type': 'str'}, + 'link': {'key': 'link', 'type': 'str'}, + } + + def __init__(self, **kwargs) -> None: + super(VendorReference, self).__init__(**kwargs) + self.title = None + self.link = None + + class VmRecommendation(Model): """Represents a machine that is part of a VM/server group. @@ -3379,19 +6469,24 @@ class VmRecommendation(Model): :type recommendation_action: str or ~azure.mgmt.security.models.enum :param resource_id: :type resource_id: str + :param enforcement_support: Possible values include: 'Supported', + 'NotSupported', 'Unknown' + :type enforcement_support: str or ~azure.mgmt.security.models.enum """ _attribute_map = { 'configuration_status': {'key': 'configurationStatus', 'type': 'str'}, 'recommendation_action': {'key': 'recommendationAction', 'type': 'str'}, 'resource_id': {'key': 'resourceId', 'type': 'str'}, + 'enforcement_support': {'key': 'enforcementSupport', 'type': 'str'}, } - def __init__(self, *, configuration_status=None, recommendation_action=None, resource_id: str=None, **kwargs) -> None: + def __init__(self, *, configuration_status=None, recommendation_action=None, resource_id: str=None, enforcement_support=None, **kwargs) -> None: super(VmRecommendation, self).__init__(**kwargs) self.configuration_status = configuration_status self.recommendation_action = recommendation_action self.resource_id = resource_id + self.enforcement_support = enforcement_support class WorkspaceSetting(Resource): diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_paged_models.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_paged_models.py index 362a777bdc8c..c470a56ff2ad 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_paged_models.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_paged_models.py @@ -51,6 +51,19 @@ class SettingPaged(Paged): def __init__(self, *args, **kwargs): super(SettingPaged, self).__init__(*args, **kwargs) +class DeviceSecurityGroupPaged(Paged): + """ + A paging container for iterating over a list of :class:`DeviceSecurityGroup ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[DeviceSecurityGroup]'} + } + + def __init__(self, *args, **kwargs): + + super(DeviceSecurityGroupPaged, self).__init__(*args, **kwargs) class IoTSecuritySolutionModelPaged(Paged): """ A paging container for iterating over a list of :class:`IoTSecuritySolutionModel ` object @@ -90,211 +103,328 @@ class IoTSecurityAggregatedRecommendationPaged(Paged): def __init__(self, *args, **kwargs): super(IoTSecurityAggregatedRecommendationPaged, self).__init__(*args, **kwargs) -class AllowedConnectionsResourcePaged(Paged): +class AscLocationPaged(Paged): """ - A paging container for iterating over a list of :class:`AllowedConnectionsResource ` object + A paging container for iterating over a list of :class:`AscLocation ` object """ _attribute_map = { 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'current_page': {'key': 'value', 'type': '[AllowedConnectionsResource]'} + 'current_page': {'key': 'value', 'type': '[AscLocation]'} } def __init__(self, *args, **kwargs): - super(AllowedConnectionsResourcePaged, self).__init__(*args, **kwargs) -class DiscoveredSecuritySolutionPaged(Paged): + super(AscLocationPaged, self).__init__(*args, **kwargs) +class OperationPaged(Paged): """ - A paging container for iterating over a list of :class:`DiscoveredSecuritySolution ` object + A paging container for iterating over a list of :class:`Operation ` object """ _attribute_map = { 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'current_page': {'key': 'value', 'type': '[DiscoveredSecuritySolution]'} + 'current_page': {'key': 'value', 'type': '[Operation]'} } def __init__(self, *args, **kwargs): - super(DiscoveredSecuritySolutionPaged, self).__init__(*args, **kwargs) -class ExternalSecuritySolutionPaged(Paged): + super(OperationPaged, self).__init__(*args, **kwargs) +class SecurityTaskPaged(Paged): """ - A paging container for iterating over a list of :class:`ExternalSecuritySolution ` object + A paging container for iterating over a list of :class:`SecurityTask ` object """ _attribute_map = { 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'current_page': {'key': 'value', 'type': '[ExternalSecuritySolution]'} + 'current_page': {'key': 'value', 'type': '[SecurityTask]'} } def __init__(self, *args, **kwargs): - super(ExternalSecuritySolutionPaged, self).__init__(*args, **kwargs) -class JitNetworkAccessPolicyPaged(Paged): + super(SecurityTaskPaged, self).__init__(*args, **kwargs) +class AutoProvisioningSettingPaged(Paged): """ - A paging container for iterating over a list of :class:`JitNetworkAccessPolicy ` object + A paging container for iterating over a list of :class:`AutoProvisioningSetting ` object """ _attribute_map = { 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'current_page': {'key': 'value', 'type': '[JitNetworkAccessPolicy]'} + 'current_page': {'key': 'value', 'type': '[AutoProvisioningSetting]'} } def __init__(self, *args, **kwargs): - super(JitNetworkAccessPolicyPaged, self).__init__(*args, **kwargs) -class AscLocationPaged(Paged): + super(AutoProvisioningSettingPaged, self).__init__(*args, **kwargs) +class CompliancePaged(Paged): """ - A paging container for iterating over a list of :class:`AscLocation ` object + A paging container for iterating over a list of :class:`Compliance ` object """ _attribute_map = { 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'current_page': {'key': 'value', 'type': '[AscLocation]'} + 'current_page': {'key': 'value', 'type': '[Compliance]'} } def __init__(self, *args, **kwargs): - super(AscLocationPaged, self).__init__(*args, **kwargs) -class OperationPaged(Paged): + super(CompliancePaged, self).__init__(*args, **kwargs) +class InformationProtectionPolicyPaged(Paged): """ - A paging container for iterating over a list of :class:`Operation ` object + A paging container for iterating over a list of :class:`InformationProtectionPolicy ` object """ _attribute_map = { 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'current_page': {'key': 'value', 'type': '[Operation]'} + 'current_page': {'key': 'value', 'type': '[InformationProtectionPolicy]'} } def __init__(self, *args, **kwargs): - super(OperationPaged, self).__init__(*args, **kwargs) -class SecurityTaskPaged(Paged): + super(InformationProtectionPolicyPaged, self).__init__(*args, **kwargs) +class SecurityContactPaged(Paged): """ - A paging container for iterating over a list of :class:`SecurityTask ` object + A paging container for iterating over a list of :class:`SecurityContact ` object """ _attribute_map = { 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'current_page': {'key': 'value', 'type': '[SecurityTask]'} + 'current_page': {'key': 'value', 'type': '[SecurityContact]'} } def __init__(self, *args, **kwargs): - super(SecurityTaskPaged, self).__init__(*args, **kwargs) -class TopologyResourcePaged(Paged): + super(SecurityContactPaged, self).__init__(*args, **kwargs) +class WorkspaceSettingPaged(Paged): """ - A paging container for iterating over a list of :class:`TopologyResource ` object + A paging container for iterating over a list of :class:`WorkspaceSetting ` object """ _attribute_map = { 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'current_page': {'key': 'value', 'type': '[TopologyResource]'} + 'current_page': {'key': 'value', 'type': '[WorkspaceSetting]'} } def __init__(self, *args, **kwargs): - super(TopologyResourcePaged, self).__init__(*args, **kwargs) -class AutoProvisioningSettingPaged(Paged): + super(WorkspaceSettingPaged, self).__init__(*args, **kwargs) +class RegulatoryComplianceStandardPaged(Paged): """ - A paging container for iterating over a list of :class:`AutoProvisioningSetting ` object + A paging container for iterating over a list of :class:`RegulatoryComplianceStandard ` object """ _attribute_map = { 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'current_page': {'key': 'value', 'type': '[AutoProvisioningSetting]'} + 'current_page': {'key': 'value', 'type': '[RegulatoryComplianceStandard]'} } def __init__(self, *args, **kwargs): - super(AutoProvisioningSettingPaged, self).__init__(*args, **kwargs) -class CompliancePaged(Paged): + super(RegulatoryComplianceStandardPaged, self).__init__(*args, **kwargs) +class RegulatoryComplianceControlPaged(Paged): """ - A paging container for iterating over a list of :class:`Compliance ` object + A paging container for iterating over a list of :class:`RegulatoryComplianceControl ` object """ _attribute_map = { 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'current_page': {'key': 'value', 'type': '[Compliance]'} + 'current_page': {'key': 'value', 'type': '[RegulatoryComplianceControl]'} } def __init__(self, *args, **kwargs): - super(CompliancePaged, self).__init__(*args, **kwargs) -class InformationProtectionPolicyPaged(Paged): + super(RegulatoryComplianceControlPaged, self).__init__(*args, **kwargs) +class RegulatoryComplianceAssessmentPaged(Paged): """ - A paging container for iterating over a list of :class:`InformationProtectionPolicy ` object + A paging container for iterating over a list of :class:`RegulatoryComplianceAssessment ` object """ _attribute_map = { 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'current_page': {'key': 'value', 'type': '[InformationProtectionPolicy]'} + 'current_page': {'key': 'value', 'type': '[RegulatoryComplianceAssessment]'} } def __init__(self, *args, **kwargs): - super(InformationProtectionPolicyPaged, self).__init__(*args, **kwargs) -class SecurityContactPaged(Paged): + super(RegulatoryComplianceAssessmentPaged, self).__init__(*args, **kwargs) +class SecuritySubAssessmentPaged(Paged): """ - A paging container for iterating over a list of :class:`SecurityContact ` object + A paging container for iterating over a list of :class:`SecuritySubAssessment ` object """ _attribute_map = { 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'current_page': {'key': 'value', 'type': '[SecurityContact]'} + 'current_page': {'key': 'value', 'type': '[SecuritySubAssessment]'} } def __init__(self, *args, **kwargs): - super(SecurityContactPaged, self).__init__(*args, **kwargs) -class WorkspaceSettingPaged(Paged): + super(SecuritySubAssessmentPaged, self).__init__(*args, **kwargs) +class AutomationPaged(Paged): """ - A paging container for iterating over a list of :class:`WorkspaceSetting ` object + A paging container for iterating over a list of :class:`Automation ` object """ _attribute_map = { 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'current_page': {'key': 'value', 'type': '[WorkspaceSetting]'} + 'current_page': {'key': 'value', 'type': '[Automation]'} } def __init__(self, *args, **kwargs): - super(WorkspaceSettingPaged, self).__init__(*args, **kwargs) -class RegulatoryComplianceStandardPaged(Paged): + super(AutomationPaged, self).__init__(*args, **kwargs) +class AlertsSuppressionRulePaged(Paged): """ - A paging container for iterating over a list of :class:`RegulatoryComplianceStandard ` object + A paging container for iterating over a list of :class:`AlertsSuppressionRule ` object """ _attribute_map = { 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'current_page': {'key': 'value', 'type': '[RegulatoryComplianceStandard]'} + 'current_page': {'key': 'value', 'type': '[AlertsSuppressionRule]'} } def __init__(self, *args, **kwargs): - super(RegulatoryComplianceStandardPaged, self).__init__(*args, **kwargs) -class RegulatoryComplianceControlPaged(Paged): + super(AlertsSuppressionRulePaged, self).__init__(*args, **kwargs) +class SecurityAssessmentMetadataPaged(Paged): """ - A paging container for iterating over a list of :class:`RegulatoryComplianceControl ` object + A paging container for iterating over a list of :class:`SecurityAssessmentMetadata ` object """ _attribute_map = { 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'current_page': {'key': 'value', 'type': '[RegulatoryComplianceControl]'} + 'current_page': {'key': 'value', 'type': '[SecurityAssessmentMetadata]'} } def __init__(self, *args, **kwargs): - super(RegulatoryComplianceControlPaged, self).__init__(*args, **kwargs) -class RegulatoryComplianceAssessmentPaged(Paged): + super(SecurityAssessmentMetadataPaged, self).__init__(*args, **kwargs) +class SecurityAssessmentPaged(Paged): """ - A paging container for iterating over a list of :class:`RegulatoryComplianceAssessment ` object + A paging container for iterating over a list of :class:`SecurityAssessment ` object """ _attribute_map = { 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'current_page': {'key': 'value', 'type': '[RegulatoryComplianceAssessment]'} + 'current_page': {'key': 'value', 'type': '[SecurityAssessment]'} } def __init__(self, *args, **kwargs): - super(RegulatoryComplianceAssessmentPaged, self).__init__(*args, **kwargs) + super(SecurityAssessmentPaged, self).__init__(*args, **kwargs) +class AdaptiveNetworkHardeningPaged(Paged): + """ + A paging container for iterating over a list of :class:`AdaptiveNetworkHardening ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[AdaptiveNetworkHardening]'} + } + + def __init__(self, *args, **kwargs): + + super(AdaptiveNetworkHardeningPaged, self).__init__(*args, **kwargs) +class AllowedConnectionsResourcePaged(Paged): + """ + A paging container for iterating over a list of :class:`AllowedConnectionsResource ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[AllowedConnectionsResource]'} + } + + def __init__(self, *args, **kwargs): + + super(AllowedConnectionsResourcePaged, self).__init__(*args, **kwargs) +class TopologyResourcePaged(Paged): + """ + A paging container for iterating over a list of :class:`TopologyResource ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[TopologyResource]'} + } + + def __init__(self, *args, **kwargs): + + super(TopologyResourcePaged, self).__init__(*args, **kwargs) +class JitNetworkAccessPolicyPaged(Paged): + """ + A paging container for iterating over a list of :class:`JitNetworkAccessPolicy ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[JitNetworkAccessPolicy]'} + } + + def __init__(self, *args, **kwargs): + + super(JitNetworkAccessPolicyPaged, self).__init__(*args, **kwargs) +class DiscoveredSecuritySolutionPaged(Paged): + """ + A paging container for iterating over a list of :class:`DiscoveredSecuritySolution ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[DiscoveredSecuritySolution]'} + } + + def __init__(self, *args, **kwargs): + + super(DiscoveredSecuritySolutionPaged, self).__init__(*args, **kwargs) +class ExternalSecuritySolutionPaged(Paged): + """ + A paging container for iterating over a list of :class:`ExternalSecuritySolution ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[ExternalSecuritySolution]'} + } + + def __init__(self, *args, **kwargs): + + super(ExternalSecuritySolutionPaged, self).__init__(*args, **kwargs) +class SecureScoreItemPaged(Paged): + """ + A paging container for iterating over a list of :class:`SecureScoreItem ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[SecureScoreItem]'} + } + + def __init__(self, *args, **kwargs): + + super(SecureScoreItemPaged, self).__init__(*args, **kwargs) +class SecureScoreControlDetailsPaged(Paged): + """ + A paging container for iterating over a list of :class:`SecureScoreControlDetails ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[SecureScoreControlDetails]'} + } + + def __init__(self, *args, **kwargs): + + super(SecureScoreControlDetailsPaged, self).__init__(*args, **kwargs) +class SecureScoreControlDefinitionItemPaged(Paged): + """ + A paging container for iterating over a list of :class:`SecureScoreControlDefinitionItem ` object + """ + + _attribute_map = { + 'next_link': {'key': 'nextLink', 'type': 'str'}, + 'current_page': {'key': 'value', 'type': '[SecureScoreControlDefinitionItem]'} + } + + def __init__(self, *args, **kwargs): + + super(SecureScoreControlDefinitionItemPaged, self).__init__(*args, **kwargs) diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_security_center_enums.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_security_center_enums.py index 09cf991ceb06..80839b6b303a 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_security_center_enums.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_security_center_enums.py @@ -34,10 +34,10 @@ class ReportedSeverity(str, Enum): high = "High" -class SettingKind(str, Enum): +class ValueType(str, Enum): - data_export_setting = "DataExportSetting" - alert_suppression_setting = "AlertSuppressionSetting" + ip_cidr = "IpCidr" #: An IP range in CIDR format (e.g. '192.168.0.1/8'). + string = "String" #: Any string value. class SecuritySolutionStatus(str, Enum): @@ -82,26 +82,155 @@ class RecommendationConfigStatus(str, Enum): enabled = "Enabled" -class SecurityFamily(str, Enum): +class UnmaskedIpLoggingStatus(str, Enum): - waf = "Waf" - ngfw = "Ngfw" - saas_waf = "SaasWaf" - va = "Va" + disabled = "Disabled" #: Unmasked IP logging is disabled + enabled = "Enabled" #: Unmasked IP logging is enabled -class AadConnectivityState(str, Enum): +class AutoProvision(str, Enum): - discovered = "Discovered" - not_licensed = "NotLicensed" - connected = "Connected" + on = "On" #: Install missing security agent on VMs automatically + off = "Off" #: Do not install security agent on the VMs automatically -class ExternalSecuritySolutionKind(str, Enum): +class Rank(str, Enum): - cef = "CEF" - ata = "ATA" - aad = "AAD" + none = "None" + low = "Low" + medium = "Medium" + high = "High" + critical = "Critical" + + +class AlertNotifications(str, Enum): + + on = "On" #: Get notifications on new alerts + off = "Off" #: Don't get notifications on new alerts + + +class AlertsToAdmins(str, Enum): + + on = "On" #: Send notification on new alerts to the subscription's admins + off = "Off" #: Don't send notification on new alerts to the subscription's admins + + +class State(str, Enum): + + passed = "Passed" #: All supported regulatory compliance controls in the given standard have a passed state + failed = "Failed" #: At least one supported regulatory compliance control in the given standard has a state of failed + skipped = "Skipped" #: All supported regulatory compliance controls in the given standard have a state of skipped + unsupported = "Unsupported" #: No supported regulatory compliance data for the given standard + + +class SubAssessmentStatusCode(str, Enum): + + healthy = "Healthy" #: The resource is healthy + unhealthy = "Unhealthy" #: The resource has a security issue that needs to be addressed + not_applicable = "NotApplicable" #: Assessment for this resource did not happen + + +class Severity(str, Enum): + + low = "Low" + medium = "Medium" + high = "High" + + +class EventSource(str, Enum): + + assessments = "Assessments" + alerts = "Alerts" + + +class PropertyType(str, Enum): + + string = "String" + integer = "Integer" + number = "Number" + boolean = "Boolean" + + +class Operator(str, Enum): + + equals = "Equals" + greater_than = "GreaterThan" + greater_than_or_equal_to = "GreaterThanOrEqualTo" + lesser_than = "LesserThan" + lesser_than_or_equal_to = "LesserThanOrEqualTo" + not_equals = "NotEquals" + contains = "Contains" + starts_with = "StartsWith" + ends_with = "EndsWith" + + +class RuleState(str, Enum): + + enabled = "Enabled" + disabled = "Disabled" + expired = "Expired" + + +class Category(str, Enum): + + compute = "Compute" + networking = "Networking" + data = "Data" + identity_and_access = "IdentityAndAccess" + io_t = "IoT" + + +class UserImpact(str, Enum): + + low = "Low" + moderate = "Moderate" + high = "High" + + +class ImplementationEffort(str, Enum): + + low = "Low" + moderate = "Moderate" + high = "High" + + +class Threats(str, Enum): + + account_breach = "accountBreach" + data_exfiltration = "dataExfiltration" + data_spillage = "dataSpillage" + malicious_insider = "maliciousInsider" + elevation_of_privilege = "elevationOfPrivilege" + threat_resistance = "threatResistance" + missing_coverage = "missingCoverage" + denial_of_service = "denialOfService" + + +class AssessmentType(str, Enum): + + built_in = "BuiltIn" #: Azure Security Center managed assessments + custom_policy = "CustomPolicy" #: User defined policies that are automatically ingested from Azure Policy to Azure Security Center + customer_managed = "CustomerManaged" #: User assessments pushed directly by the user or other third party to Azure Security Center + verified_partner = "VerifiedPartner" #: An assessment that was created by a verified 3rd party if the user connected it to ASC + + +class AssessmentStatusCode(str, Enum): + + healthy = "Healthy" #: The resource is healthy + unhealthy = "Unhealthy" #: The resource has a security issue that needs to be addressed + not_applicable = "NotApplicable" #: Assessment for this resource did not happen + + +class Direction(str, Enum): + + inbound = "Inbound" + outbound = "Outbound" + + +class TransportProtocol(str, Enum): + + tcp = "TCP" + udp = "UDP" class Protocol(str, Enum): @@ -124,33 +253,46 @@ class StatusReason(str, Enum): newer_request_initiated = "NewerRequestInitiated" -class AutoProvision(str, Enum): +class SecurityFamily(str, Enum): - on = "On" #: Install missing security agent on VMs automatically - off = "Off" #: Do not install security agent on the VMs automatically + waf = "Waf" + ngfw = "Ngfw" + saas_waf = "SaasWaf" + va = "Va" -class AlertNotifications(str, Enum): +class AadConnectivityState(str, Enum): - on = "On" #: Get notifications on new alerts - off = "Off" #: Don't get notifications on new alerts + discovered = "Discovered" + not_licensed = "NotLicensed" + connected = "Connected" -class AlertsToAdmins(str, Enum): +class ExternalSecuritySolutionKind(str, Enum): - on = "On" #: Send notification on new alerts to the subscription's admins - off = "Off" #: Don't send notification on new alerts to the subscription's admins + cef = "CEF" + ata = "ATA" + aad = "AAD" -class State(str, Enum): +class ControlType(str, Enum): - passed = "Passed" #: All supported regulatory compliance controls in the given standard have a passed state - failed = "Failed" #: At least one supported regulatory compliance control in the given standard has a state of failed - skipped = "Skipped" #: All supported regulatory compliance controls in the given standard have a state of skipped - unsupported = "Unsupported" #: No supported regulatory compliance data for the given standard + built_in = "BuiltIn" #: Azure Security Center managed assessments + custom = "Custom" #: Non Azure Security Center managed assessments + + +class ExpandEnum(str, Enum): + + links = "links" #: All links associated with an assessment + metadata = "metadata" #: Assessment metadata class ConnectionType(str, Enum): internal = "Internal" external = "External" + + +class ExpandControlsEnum(str, Enum): + + definition = "definition" #: Add definition object for each control diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/__init__.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/__init__.py index 2044043fcb95..b9c800c3a3a6 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/__init__.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/__init__.py @@ -13,24 +13,15 @@ from ._pricings_operations import PricingsOperations from ._alerts_operations import AlertsOperations from ._settings_operations import SettingsOperations -from ._io_tsecurity_solutions_operations import IoTSecuritySolutionsOperations -from ._io_tsecurity_solutions_resource_group_operations import IoTSecuritySolutionsResourceGroupOperations +from ._advanced_threat_protection_operations import AdvancedThreatProtectionOperations +from ._device_security_groups_operations import DeviceSecurityGroupsOperations from ._iot_security_solution_operations import IotSecuritySolutionOperations -from ._io_tsecurity_solutions_analytics_operations import IoTSecuritySolutionsAnalyticsOperations -from ._io_tsecurity_solutions_analytics_aggregated_alerts_operations import IoTSecuritySolutionsAnalyticsAggregatedAlertsOperations -from ._io_tsecurity_solutions_analytics_aggregated_alert_operations import IoTSecuritySolutionsAnalyticsAggregatedAlertOperations -from ._io_tsecurity_solutions_analytics_recommendation_operations import IoTSecuritySolutionsAnalyticsRecommendationOperations -from ._io_tsecurity_solutions_analytics_recommendations_operations import IoTSecuritySolutionsAnalyticsRecommendationsOperations -from ._allowed_connections_operations import AllowedConnectionsOperations -from ._discovered_security_solutions_operations import DiscoveredSecuritySolutionsOperations -from ._external_security_solutions_operations import ExternalSecuritySolutionsOperations -from ._jit_network_access_policies_operations import JitNetworkAccessPoliciesOperations -from ._adaptive_application_controls_operations import AdaptiveApplicationControlsOperations +from ._iot_security_solution_analytics_operations import IotSecuritySolutionAnalyticsOperations +from ._iot_security_solutions_analytics_aggregated_alert_operations import IotSecuritySolutionsAnalyticsAggregatedAlertOperations +from ._iot_security_solutions_analytics_recommendation_operations import IotSecuritySolutionsAnalyticsRecommendationOperations from ._locations_operations import LocationsOperations from ._operations import Operations from ._tasks_operations import TasksOperations -from ._topology_operations import TopologyOperations -from ._advanced_threat_protection_operations import AdvancedThreatProtectionOperations from ._auto_provisioning_settings_operations import AutoProvisioningSettingsOperations from ._compliances_operations import CompliancesOperations from ._information_protection_policies_operations import InformationProtectionPoliciesOperations @@ -40,30 +31,36 @@ from ._regulatory_compliance_controls_operations import RegulatoryComplianceControlsOperations from ._regulatory_compliance_assessments_operations import RegulatoryComplianceAssessmentsOperations from ._server_vulnerability_assessment_operations import ServerVulnerabilityAssessmentOperations +from ._sub_assessments_operations import SubAssessmentsOperations +from ._automations_operations import AutomationsOperations +from ._alerts_suppression_rules_operations import AlertsSuppressionRulesOperations +from ._assessments_metadata_operations import AssessmentsMetadataOperations +from ._assessments_operations import AssessmentsOperations +from ._adaptive_application_controls_operations import AdaptiveApplicationControlsOperations +from ._adaptive_network_hardenings_operations import AdaptiveNetworkHardeningsOperations +from ._allowed_connections_operations import AllowedConnectionsOperations +from ._topology_operations import TopologyOperations +from ._jit_network_access_policies_operations import JitNetworkAccessPoliciesOperations +from ._discovered_security_solutions_operations import DiscoveredSecuritySolutionsOperations +from ._external_security_solutions_operations import ExternalSecuritySolutionsOperations +from ._secure_scores_operations import SecureScoresOperations +from ._secure_score_controls_operations import SecureScoreControlsOperations +from ._secure_score_control_definitions_operations import SecureScoreControlDefinitionsOperations __all__ = [ 'ComplianceResultsOperations', 'PricingsOperations', 'AlertsOperations', 'SettingsOperations', - 'IoTSecuritySolutionsOperations', - 'IoTSecuritySolutionsResourceGroupOperations', + 'AdvancedThreatProtectionOperations', + 'DeviceSecurityGroupsOperations', 'IotSecuritySolutionOperations', - 'IoTSecuritySolutionsAnalyticsOperations', - 'IoTSecuritySolutionsAnalyticsAggregatedAlertsOperations', - 'IoTSecuritySolutionsAnalyticsAggregatedAlertOperations', - 'IoTSecuritySolutionsAnalyticsRecommendationOperations', - 'IoTSecuritySolutionsAnalyticsRecommendationsOperations', - 'AllowedConnectionsOperations', - 'DiscoveredSecuritySolutionsOperations', - 'ExternalSecuritySolutionsOperations', - 'JitNetworkAccessPoliciesOperations', - 'AdaptiveApplicationControlsOperations', + 'IotSecuritySolutionAnalyticsOperations', + 'IotSecuritySolutionsAnalyticsAggregatedAlertOperations', + 'IotSecuritySolutionsAnalyticsRecommendationOperations', 'LocationsOperations', 'Operations', 'TasksOperations', - 'TopologyOperations', - 'AdvancedThreatProtectionOperations', 'AutoProvisioningSettingsOperations', 'CompliancesOperations', 'InformationProtectionPoliciesOperations', @@ -73,4 +70,19 @@ 'RegulatoryComplianceControlsOperations', 'RegulatoryComplianceAssessmentsOperations', 'ServerVulnerabilityAssessmentOperations', + 'SubAssessmentsOperations', + 'AutomationsOperations', + 'AlertsSuppressionRulesOperations', + 'AssessmentsMetadataOperations', + 'AssessmentsOperations', + 'AdaptiveApplicationControlsOperations', + 'AdaptiveNetworkHardeningsOperations', + 'AllowedConnectionsOperations', + 'TopologyOperations', + 'JitNetworkAccessPoliciesOperations', + 'DiscoveredSecuritySolutionsOperations', + 'ExternalSecuritySolutionsOperations', + 'SecureScoresOperations', + 'SecureScoreControlsOperations', + 'SecureScoreControlDefinitionsOperations', ] diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_adaptive_application_controls_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_adaptive_application_controls_operations.py index bab90ed88dee..8ad6c49ff327 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_adaptive_application_controls_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_adaptive_application_controls_operations.py @@ -25,7 +25,7 @@ class AdaptiveApplicationControlsOperations(object): :param config: Configuration of service client. :param serializer: An object model serializer. :param deserializer: An object model deserializer. - :ivar api_version: API version for the operation. Constant value: "2015-06-01-preview". + :ivar api_version: API version for the operation. Constant value: "2020-01-01". """ models = models @@ -35,7 +35,7 @@ def __init__(self, client, config, serializer, deserializer): self._client = client self._serialize = serializer self._deserialize = deserializer - self.api_version = "2015-06-01-preview" + self.api_version = "2020-01-01" self.config = config @@ -168,8 +168,8 @@ def put( :param group_name: Name of an application control VM/server group :type group_name: str - :param body: The updated VM/server group data - :type body: ~azure.mgmt.security.models.AppWhitelistingPutGroupData + :param body: + :type body: ~azure.mgmt.security.models.AppWhitelistingGroup :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the deserialized response @@ -205,7 +205,7 @@ def put( header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') # Construct body - body_content = self._serialize.body(body, 'AppWhitelistingPutGroupData') + body_content = self._serialize.body(body, 'AppWhitelistingGroup') # Construct and send request request = self._client.put(url, query_parameters, header_parameters, body_content) @@ -226,3 +226,54 @@ def put( return deserialized put.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/applicationWhitelistings/{groupName}'} + + def delete( + self, group_name, custom_headers=None, raw=False, **operation_config): + """Delete an application control VM/server group. + + :param group_name: Name of an application control VM/server group + :type group_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: None or ClientRawResponse if raw=true + :rtype: None or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.delete.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'ascLocation': self._serialize.url("self.config.asc_location", self.config.asc_location, 'str'), + 'groupName': self._serialize.url("group_name", group_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 202, 204]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + delete.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/applicationWhitelistings/{groupName}'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_adaptive_network_hardenings_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_adaptive_network_hardenings_operations.py new file mode 100644 index 000000000000..4e1c7e13981d --- /dev/null +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_adaptive_network_hardenings_operations.py @@ -0,0 +1,304 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError +from msrest.polling import LROPoller, NoPolling +from msrestazure.polling.arm_polling import ARMPolling + +from .. import models + + +class AdaptiveNetworkHardeningsOperations(object): + """AdaptiveNetworkHardeningsOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2020-01-01". + :ivar adaptive_network_hardening_enforce_action: Enforces the given rules on the NSG(s) listed in the request. Constant value: "enforce". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2020-01-01" + self.adaptive_network_hardening_enforce_action = "enforce" + + self.config = config + + def list_by_extended_resource( + self, resource_group_name, resource_namespace, resource_type, resource_name, custom_headers=None, raw=False, **operation_config): + """Gets a list of Adaptive Network Hardenings resources in scope of an + extended resource. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param resource_namespace: The Namespace of the resource. + :type resource_namespace: str + :param resource_type: The type of the resource. + :type resource_type: str + :param resource_name: Name of the resource. + :type resource_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of AdaptiveNetworkHardening + :rtype: + ~azure.mgmt.security.models.AdaptiveNetworkHardeningPaged[~azure.mgmt.security.models.AdaptiveNetworkHardening] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list_by_extended_resource.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'resourceNamespace': self._serialize.url("resource_namespace", resource_namespace, 'str'), + 'resourceType': self._serialize.url("resource_type", resource_type, 'str'), + 'resourceName': self._serialize.url("resource_name", resource_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.AdaptiveNetworkHardeningPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list_by_extended_resource.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceNamespace}/{resourceType}/{resourceName}/providers/Microsoft.Security/adaptiveNetworkHardenings'} + + def get( + self, resource_group_name, resource_namespace, resource_type, resource_name, adaptive_network_hardening_resource_name, custom_headers=None, raw=False, **operation_config): + """Gets a single Adaptive Network Hardening resource. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param resource_namespace: The Namespace of the resource. + :type resource_namespace: str + :param resource_type: The type of the resource. + :type resource_type: str + :param resource_name: Name of the resource. + :type resource_name: str + :param adaptive_network_hardening_resource_name: The name of the + Adaptive Network Hardening resource. + :type adaptive_network_hardening_resource_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: AdaptiveNetworkHardening or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.AdaptiveNetworkHardening or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'resourceNamespace': self._serialize.url("resource_namespace", resource_namespace, 'str'), + 'resourceType': self._serialize.url("resource_type", resource_type, 'str'), + 'resourceName': self._serialize.url("resource_name", resource_name, 'str'), + 'adaptiveNetworkHardeningResourceName': self._serialize.url("adaptive_network_hardening_resource_name", adaptive_network_hardening_resource_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('AdaptiveNetworkHardening', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceNamespace}/{resourceType}/{resourceName}/providers/Microsoft.Security/adaptiveNetworkHardenings/{adaptiveNetworkHardeningResourceName}'} + + + def _enforce_initial( + self, resource_group_name, resource_namespace, resource_type, resource_name, adaptive_network_hardening_resource_name, rules, network_security_groups, custom_headers=None, raw=False, **operation_config): + body = models.AdaptiveNetworkHardeningEnforceRequest(rules=rules, network_security_groups=network_security_groups) + + # Construct URL + url = self.enforce.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'resourceNamespace': self._serialize.url("resource_namespace", resource_namespace, 'str'), + 'resourceType': self._serialize.url("resource_type", resource_type, 'str'), + 'resourceName': self._serialize.url("resource_name", resource_name, 'str'), + 'adaptiveNetworkHardeningResourceName': self._serialize.url("adaptive_network_hardening_resource_name", adaptive_network_hardening_resource_name, 'str'), + 'adaptiveNetworkHardeningEnforceAction': self._serialize.url("self.adaptive_network_hardening_enforce_action", self.adaptive_network_hardening_enforce_action, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(body, 'AdaptiveNetworkHardeningEnforceRequest') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 202]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + + def enforce( + self, resource_group_name, resource_namespace, resource_type, resource_name, adaptive_network_hardening_resource_name, rules, network_security_groups, custom_headers=None, raw=False, polling=True, **operation_config): + """Enforces the given rules on the NSG(s) listed in the request. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param resource_namespace: The Namespace of the resource. + :type resource_namespace: str + :param resource_type: The type of the resource. + :type resource_type: str + :param resource_name: Name of the resource. + :type resource_name: str + :param adaptive_network_hardening_resource_name: The name of the + Adaptive Network Hardening resource. + :type adaptive_network_hardening_resource_name: str + :param rules: The rules to enforce + :type rules: list[~azure.mgmt.security.models.Rule] + :param network_security_groups: The Azure resource IDs of the + effective network security groups that will be updated with the + created security rules from the Adaptive Network Hardening rules + :type network_security_groups: list[str] + :param dict custom_headers: headers that will be added to the request + :param bool raw: The poller return type is ClientRawResponse, the + direct response alongside the deserialized response + :param polling: True for ARMPolling, False for no polling, or a + polling object for personal polling strategy + :return: An instance of LROPoller that returns None or + ClientRawResponse if raw==True + :rtype: ~msrestazure.azure_operation.AzureOperationPoller[None] or + ~msrestazure.azure_operation.AzureOperationPoller[~msrest.pipeline.ClientRawResponse[None]] + :raises: :class:`CloudError` + """ + raw_result = self._enforce_initial( + resource_group_name=resource_group_name, + resource_namespace=resource_namespace, + resource_type=resource_type, + resource_name=resource_name, + adaptive_network_hardening_resource_name=adaptive_network_hardening_resource_name, + rules=rules, + network_security_groups=network_security_groups, + custom_headers=custom_headers, + raw=True, + **operation_config + ) + + def get_long_running_output(response): + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + + lro_delay = operation_config.get( + 'long_running_operation_timeout', + self.config.long_running_operation_timeout) + if polling is True: polling_method = ARMPolling(lro_delay, **operation_config) + elif polling is False: polling_method = NoPolling() + else: polling_method = polling + return LROPoller(self._client, raw_result, get_long_running_output, polling_method) + enforce.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceNamespace}/{resourceType}/{resourceName}/providers/Microsoft.Security/adaptiveNetworkHardenings/{adaptiveNetworkHardeningResourceName}/{adaptiveNetworkHardeningEnforceAction}'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_advanced_threat_protection_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_advanced_threat_protection_operations.py index 57930d189083..5ae6a5c943e3 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_advanced_threat_protection_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_advanced_threat_protection_operations.py @@ -25,7 +25,7 @@ class AdvancedThreatProtectionOperations(object): :param config: Configuration of service client. :param serializer: An object model serializer. :param deserializer: An object model deserializer. - :ivar api_version: API version for the operation. Constant value: "2017-08-01-preview". + :ivar api_version: API version for the operation. Constant value: "2019-01-01". :ivar setting_name: Advanced Threat Protection setting name. Constant value: "current". """ @@ -36,7 +36,7 @@ def __init__(self, client, config, serializer, deserializer): self._client = client self._serialize = serializer self._deserialize = deserializer - self.api_version = "2017-08-01-preview" + self.api_version = "2019-01-01" self.setting_name = "current" self.config = config diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_alerts_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_alerts_operations.py index 984144031f99..7c8400c02f95 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_alerts_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_alerts_operations.py @@ -40,7 +40,7 @@ def __init__(self, client, config, serializer, deserializer): self.config = config def list( - self, filter=None, select=None, expand=None, custom_headers=None, raw=False, **operation_config): + self, filter=None, select=None, expand=None, auto_dismiss_rule_name=None, custom_headers=None, raw=False, **operation_config): """List all the alerts that are associated with the subscription. :param filter: OData filter. Optional. @@ -49,6 +49,11 @@ def list( :type select: str :param expand: OData expand. Optional. :type expand: str + :param auto_dismiss_rule_name: The name of an existing auto dismiss + rule. Use it to simulate the rule on existing alerts and get the + alerts that would have been dismissed if the rule was enabled when the + alert was created + :type auto_dismiss_rule_name: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the deserialized response @@ -77,6 +82,8 @@ def prepare_request(next_link=None): query_parameters['$select'] = self._serialize.query("select", select, 'str') if expand is not None: query_parameters['$expand'] = self._serialize.query("expand", expand, 'str') + if auto_dismiss_rule_name is not None: + query_parameters['autoDismissRuleName'] = self._serialize.query("auto_dismiss_rule_name", auto_dismiss_rule_name, 'str') else: url = next_link @@ -118,7 +125,7 @@ def internal_paging(next_link=None): list.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/alerts'} def list_by_resource_group( - self, resource_group_name, filter=None, select=None, expand=None, custom_headers=None, raw=False, **operation_config): + self, resource_group_name, filter=None, select=None, expand=None, auto_dismiss_rule_name=None, custom_headers=None, raw=False, **operation_config): """List all the alerts that are associated with the resource group. :param resource_group_name: The name of the resource group within the @@ -130,6 +137,11 @@ def list_by_resource_group( :type select: str :param expand: OData expand. Optional. :type expand: str + :param auto_dismiss_rule_name: The name of an existing auto dismiss + rule. Use it to simulate the rule on existing alerts and get the + alerts that would have been dismissed if the rule was enabled when the + alert was created + :type auto_dismiss_rule_name: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the deserialized response @@ -159,6 +171,8 @@ def prepare_request(next_link=None): query_parameters['$select'] = self._serialize.query("select", select, 'str') if expand is not None: query_parameters['$expand'] = self._serialize.query("expand", expand, 'str') + if auto_dismiss_rule_name is not None: + query_parameters['autoDismissRuleName'] = self._serialize.query("auto_dismiss_rule_name", auto_dismiss_rule_name, 'str') else: url = next_link @@ -200,7 +214,7 @@ def internal_paging(next_link=None): list_by_resource_group.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/alerts'} def list_subscription_level_alerts_by_region( - self, filter=None, select=None, expand=None, custom_headers=None, raw=False, **operation_config): + self, filter=None, select=None, expand=None, auto_dismiss_rule_name=None, custom_headers=None, raw=False, **operation_config): """List all the alerts that are associated with the subscription that are stored in a specific location. @@ -210,6 +224,11 @@ def list_subscription_level_alerts_by_region( :type select: str :param expand: OData expand. Optional. :type expand: str + :param auto_dismiss_rule_name: The name of an existing auto dismiss + rule. Use it to simulate the rule on existing alerts and get the + alerts that would have been dismissed if the rule was enabled when the + alert was created + :type auto_dismiss_rule_name: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the deserialized response @@ -239,6 +258,8 @@ def prepare_request(next_link=None): query_parameters['$select'] = self._serialize.query("select", select, 'str') if expand is not None: query_parameters['$expand'] = self._serialize.query("expand", expand, 'str') + if auto_dismiss_rule_name is not None: + query_parameters['autoDismissRuleName'] = self._serialize.query("auto_dismiss_rule_name", auto_dismiss_rule_name, 'str') else: url = next_link @@ -280,7 +301,7 @@ def internal_paging(next_link=None): list_subscription_level_alerts_by_region.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts'} def list_resource_group_level_alerts_by_region( - self, resource_group_name, filter=None, select=None, expand=None, custom_headers=None, raw=False, **operation_config): + self, resource_group_name, filter=None, select=None, expand=None, auto_dismiss_rule_name=None, custom_headers=None, raw=False, **operation_config): """List all the alerts that are associated with the resource group that are stored in a specific location. @@ -293,6 +314,11 @@ def list_resource_group_level_alerts_by_region( :type select: str :param expand: OData expand. Optional. :type expand: str + :param auto_dismiss_rule_name: The name of an existing auto dismiss + rule. Use it to simulate the rule on existing alerts and get the + alerts that would have been dismissed if the rule was enabled when the + alert was created + :type auto_dismiss_rule_name: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the deserialized response @@ -323,6 +349,8 @@ def prepare_request(next_link=None): query_parameters['$select'] = self._serialize.query("select", select, 'str') if expand is not None: query_parameters['$expand'] = self._serialize.query("expand", expand, 'str') + if auto_dismiss_rule_name is not None: + query_parameters['autoDismissRuleName'] = self._serialize.query("auto_dismiss_rule_name", auto_dismiss_rule_name, 'str') else: url = next_link @@ -486,15 +514,117 @@ def get_resource_group_level_alerts( return deserialized get_resource_group_level_alerts.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}'} - def update_subscription_level_alert_state( - self, alert_name, alert_update_action_type, custom_headers=None, raw=False, **operation_config): + def update_subscription_level_alert_state_to_dismiss( + self, alert_name, custom_headers=None, raw=False, **operation_config): + """Update the alert's state. + + :param alert_name: Name of the alert object + :type alert_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: None or ClientRawResponse if raw=true + :rtype: None or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.update_subscription_level_alert_state_to_dismiss.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'ascLocation': self._serialize.url("self.config.asc_location", self.config.asc_location, 'str'), + 'alertName': self._serialize.url("alert_name", alert_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [204]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + update_subscription_level_alert_state_to_dismiss.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/dismiss'} + + def update_subscription_level_alert_state_to_reactivate( + self, alert_name, custom_headers=None, raw=False, **operation_config): + """Update the alert's state. + + :param alert_name: Name of the alert object + :type alert_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: None or ClientRawResponse if raw=true + :rtype: None or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.update_subscription_level_alert_state_to_reactivate.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'ascLocation': self._serialize.url("self.config.asc_location", self.config.asc_location, 'str'), + 'alertName': self._serialize.url("alert_name", alert_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [204]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + update_subscription_level_alert_state_to_reactivate.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/reactivate'} + + def update_resource_group_level_alert_state_to_dismiss( + self, alert_name, resource_group_name, custom_headers=None, raw=False, **operation_config): """Update the alert's state. :param alert_name: Name of the alert object :type alert_name: str - :param alert_update_action_type: Type of the action to do on the - alert. Possible values include: 'Dismiss', 'Reactivate' - :type alert_update_action_type: str + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the deserialized response @@ -505,12 +635,12 @@ def update_subscription_level_alert_state( :raises: :class:`CloudError` """ # Construct URL - url = self.update_subscription_level_alert_state.metadata['url'] + url = self.update_resource_group_level_alert_state_to_dismiss.metadata['url'] path_format_arguments = { 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), 'ascLocation': self._serialize.url("self.config.asc_location", self.config.asc_location, 'str'), 'alertName': self._serialize.url("alert_name", alert_name, 'str'), - 'alertUpdateActionType': self._serialize.url("alert_update_action_type", alert_update_action_type, 'str') + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$') } url = self._client.format_url(url, **path_format_arguments) @@ -539,17 +669,14 @@ def update_subscription_level_alert_state( if raw: client_raw_response = ClientRawResponse(None, response) return client_raw_response - update_subscription_level_alert_state.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/{alertUpdateActionType}'} + update_resource_group_level_alert_state_to_dismiss.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/dismiss'} - def update_resource_group_level_alert_state( - self, alert_name, alert_update_action_type, resource_group_name, custom_headers=None, raw=False, **operation_config): + def update_resource_group_level_alert_state_to_reactivate( + self, alert_name, resource_group_name, custom_headers=None, raw=False, **operation_config): """Update the alert's state. :param alert_name: Name of the alert object :type alert_name: str - :param alert_update_action_type: Type of the action to do on the - alert. Possible values include: 'Dismiss', 'Reactivate' - :type alert_update_action_type: str :param resource_group_name: The name of the resource group within the user's subscription. The name is case insensitive. :type resource_group_name: str @@ -563,12 +690,11 @@ def update_resource_group_level_alert_state( :raises: :class:`CloudError` """ # Construct URL - url = self.update_resource_group_level_alert_state.metadata['url'] + url = self.update_resource_group_level_alert_state_to_reactivate.metadata['url'] path_format_arguments = { 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), 'ascLocation': self._serialize.url("self.config.asc_location", self.config.asc_location, 'str'), 'alertName': self._serialize.url("alert_name", alert_name, 'str'), - 'alertUpdateActionType': self._serialize.url("alert_update_action_type", alert_update_action_type, 'str'), 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$') } url = self._client.format_url(url, **path_format_arguments) @@ -598,4 +724,4 @@ def update_resource_group_level_alert_state( if raw: client_raw_response = ClientRawResponse(None, response) return client_raw_response - update_resource_group_level_alert_state.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/{alertUpdateActionType}'} + update_resource_group_level_alert_state_to_reactivate.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/alerts/{alertName}/reactivate'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_alerts_suppression_rules_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_alerts_suppression_rules_operations.py new file mode 100644 index 000000000000..1efe50a04c7f --- /dev/null +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_alerts_suppression_rules_operations.py @@ -0,0 +1,287 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class AlertsSuppressionRulesOperations(object): + """AlertsSuppressionRulesOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2019-01-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2019-01-01-preview" + + self.config = config + + def list( + self, alert_type=None, custom_headers=None, raw=False, **operation_config): + """List of all the dismiss rules for the given subscription. + + :param alert_type: Type of the alert to get rules for + :type alert_type: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of AlertsSuppressionRule + :rtype: + ~azure.mgmt.security.models.AlertsSuppressionRulePaged[~azure.mgmt.security.models.AlertsSuppressionRule] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + if alert_type is not None: + query_parameters['AlertType'] = self._serialize.query("alert_type", alert_type, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.AlertsSuppressionRulePaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/alertsSuppressionRules'} + + def get( + self, alerts_suppression_rule_name, custom_headers=None, raw=False, **operation_config): + """Get dismiss rule, with name: {alertsSuppressionRuleName}, for the given + subscription. + + :param alerts_suppression_rule_name: The unique name of the + suppression alert rule + :type alerts_suppression_rule_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: AlertsSuppressionRule or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.AlertsSuppressionRule or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'alertsSuppressionRuleName': self._serialize.url("alerts_suppression_rule_name", alerts_suppression_rule_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('AlertsSuppressionRule', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/alertsSuppressionRules/{alertsSuppressionRuleName}'} + + def update( + self, alerts_suppression_rule_name, alerts_suppression_rule, custom_headers=None, raw=False, **operation_config): + """Update existing rule or create new rule if it doesn't exist. + + :param alerts_suppression_rule_name: The unique name of the + suppression alert rule + :type alerts_suppression_rule_name: str + :param alerts_suppression_rule: Suppression rule object + :type alerts_suppression_rule: + ~azure.mgmt.security.models.AlertsSuppressionRule + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: AlertsSuppressionRule or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.AlertsSuppressionRule or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.update.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'alertsSuppressionRuleName': self._serialize.url("alerts_suppression_rule_name", alerts_suppression_rule_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(alerts_suppression_rule, 'AlertsSuppressionRule') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('AlertsSuppressionRule', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + update.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/alertsSuppressionRules/{alertsSuppressionRuleName}'} + + def delete( + self, alerts_suppression_rule_name, custom_headers=None, raw=False, **operation_config): + """Delete dismiss alert rule for this subscription. + + :param alerts_suppression_rule_name: The unique name of the + suppression alert rule + :type alerts_suppression_rule_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: None or ClientRawResponse if raw=true + :rtype: None or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.delete.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'alertsSuppressionRuleName': self._serialize.url("alerts_suppression_rule_name", alerts_suppression_rule_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [204]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + delete.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/alertsSuppressionRules/{alertsSuppressionRuleName}'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_allowed_connections_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_allowed_connections_operations.py index 8aa4cd8ba546..556439428be3 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_allowed_connections_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_allowed_connections_operations.py @@ -25,7 +25,7 @@ class AllowedConnectionsOperations(object): :param config: Configuration of service client. :param serializer: An object model serializer. :param deserializer: An object model deserializer. - :ivar api_version: API version for the operation. Constant value: "2015-06-01-preview". + :ivar api_version: API version for the operation. Constant value: "2020-01-01". """ models = models @@ -35,7 +35,7 @@ def __init__(self, client, config, serializer, deserializer): self._client = client self._serialize = serializer self._deserialize = deserializer - self.api_version = "2015-06-01-preview" + self.api_version = "2020-01-01" self.config = config diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_assessments_metadata_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_assessments_metadata_operations.py new file mode 100644 index 000000000000..9a5350d93fa9 --- /dev/null +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_assessments_metadata_operations.py @@ -0,0 +1,407 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class AssessmentsMetadataOperations(object): + """AssessmentsMetadataOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2020-01-01". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2020-01-01" + + self.config = config + + def list( + self, custom_headers=None, raw=False, **operation_config): + """Get metadata information on all assessment types. + + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of SecurityAssessmentMetadata + :rtype: + ~azure.mgmt.security.models.SecurityAssessmentMetadataPaged[~azure.mgmt.security.models.SecurityAssessmentMetadata] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.SecurityAssessmentMetadataPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/providers/Microsoft.Security/assessmentMetadata'} + + def get( + self, assessment_metadata_name, custom_headers=None, raw=False, **operation_config): + """Get metadata information on an assessment type. + + :param assessment_metadata_name: The Assessment Key - Unique key for + the assessment type + :type assessment_metadata_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: SecurityAssessmentMetadata or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.SecurityAssessmentMetadata or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'assessmentMetadataName': self._serialize.url("assessment_metadata_name", assessment_metadata_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecurityAssessmentMetadata', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}'} + + def list_by_subscription( + self, custom_headers=None, raw=False, **operation_config): + """Get metadata information on all assessment types in a specific + subscription. + + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of SecurityAssessmentMetadata + :rtype: + ~azure.mgmt.security.models.SecurityAssessmentMetadataPaged[~azure.mgmt.security.models.SecurityAssessmentMetadata] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list_by_subscription.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.SecurityAssessmentMetadataPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list_by_subscription.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata'} + + def get_in_subscription( + self, assessment_metadata_name, custom_headers=None, raw=False, **operation_config): + """Get metadata information on an assessment type in a specific + subscription. + + :param assessment_metadata_name: The Assessment Key - Unique key for + the assessment type + :type assessment_metadata_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: SecurityAssessmentMetadata or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.SecurityAssessmentMetadata or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get_in_subscription.metadata['url'] + path_format_arguments = { + 'assessmentMetadataName': self._serialize.url("assessment_metadata_name", assessment_metadata_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecurityAssessmentMetadata', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get_in_subscription.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}'} + + def create_in_subscription( + self, assessment_metadata_name, assessment_metadata, custom_headers=None, raw=False, **operation_config): + """Create metadata information on an assessment type in a specific + subscription. + + :param assessment_metadata_name: The Assessment Key - Unique key for + the assessment type + :type assessment_metadata_name: str + :param assessment_metadata: AssessmentMetadata object + :type assessment_metadata: + ~azure.mgmt.security.models.SecurityAssessmentMetadata + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: SecurityAssessmentMetadata or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.SecurityAssessmentMetadata or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.create_in_subscription.metadata['url'] + path_format_arguments = { + 'assessmentMetadataName': self._serialize.url("assessment_metadata_name", assessment_metadata_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(assessment_metadata, 'SecurityAssessmentMetadata') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecurityAssessmentMetadata', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + create_in_subscription.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}'} + + def delete_in_subscription( + self, assessment_metadata_name, custom_headers=None, raw=False, **operation_config): + """Delete metadata information on an assessment type in a specific + subscription, will cause the deletion of all the assessments of that + type in that subscription. + + :param assessment_metadata_name: The Assessment Key - Unique key for + the assessment type + :type assessment_metadata_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: None or ClientRawResponse if raw=true + :rtype: None or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.delete_in_subscription.metadata['url'] + path_format_arguments = { + 'assessmentMetadataName': self._serialize.url("assessment_metadata_name", assessment_metadata_name, 'str'), + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + delete_in_subscription.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_assessments_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_assessments_operations.py new file mode 100644 index 000000000000..d20700d79433 --- /dev/null +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_assessments_operations.py @@ -0,0 +1,303 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class AssessmentsOperations(object): + """AssessmentsOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2020-01-01". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2020-01-01" + + self.config = config + + def list( + self, scope, custom_headers=None, raw=False, **operation_config): + """Get security assessments on all your scanned resources inside a scope. + + :param scope: Scope of the query, can be subscription + (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management + group (/providers/Microsoft.Management/managementGroups/mgName). + :type scope: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of SecurityAssessment + :rtype: + ~azure.mgmt.security.models.SecurityAssessmentPaged[~azure.mgmt.security.models.SecurityAssessment] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'scope': self._serialize.url("scope", scope, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.SecurityAssessmentPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/{scope}/providers/Microsoft.Security/assessments'} + + def get( + self, resource_id, assessment_name, expand=None, custom_headers=None, raw=False, **operation_config): + """Get a security assessment on your scanned resource. + + :param resource_id: The identifier of the resource. + :type resource_id: str + :param assessment_name: The Assessment Key - Unique key for the + assessment type + :type assessment_name: str + :param expand: OData expand. Optional. Possible values include: + 'links', 'metadata' + :type expand: str or ~azure.mgmt.security.models.ExpandEnum + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: SecurityAssessment or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.SecurityAssessment or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'resourceId': self._serialize.url("resource_id", resource_id, 'str'), + 'assessmentName': self._serialize.url("assessment_name", assessment_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + if expand is not None: + query_parameters['$expand'] = self._serialize.query("expand", expand, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecurityAssessment', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/{resourceId}/providers/Microsoft.Security/assessments/{assessmentName}'} + + def create_or_update( + self, resource_id, assessment_name, assessment, custom_headers=None, raw=False, **operation_config): + """Create a security assessment on your resource. An assessment metadata + that describes this assessment must be predefined with the same name + before inserting the assessment result. + + :param resource_id: The identifier of the resource. + :type resource_id: str + :param assessment_name: The Assessment Key - Unique key for the + assessment type + :type assessment_name: str + :param assessment: Calculated assessment on a pre-defined assessment + metadata + :type assessment: ~azure.mgmt.security.models.SecurityAssessment + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: SecurityAssessment or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.SecurityAssessment or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'resourceId': self._serialize.url("resource_id", resource_id, 'str'), + 'assessmentName': self._serialize.url("assessment_name", assessment_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(assessment, 'SecurityAssessment') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 201]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecurityAssessment', response) + if response.status_code == 201: + deserialized = self._deserialize('SecurityAssessment', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + create_or_update.metadata = {'url': '/{resourceId}/providers/Microsoft.Security/assessments/{assessmentName}'} + + def delete( + self, resource_id, assessment_name, custom_headers=None, raw=False, **operation_config): + """Delete a security assessment on your resource. An assessment metadata + that describes this assessment must be predefined with the same name + before inserting the assessment result. + + :param resource_id: The identifier of the resource. + :type resource_id: str + :param assessment_name: The Assessment Key - Unique key for the + assessment type + :type assessment_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: None or ClientRawResponse if raw=true + :rtype: None or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.delete.metadata['url'] + path_format_arguments = { + 'resourceId': self._serialize.url("resource_id", resource_id, 'str'), + 'assessmentName': self._serialize.url("assessment_name", assessment_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 204]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + delete.metadata = {'url': '/{resourceId}/providers/Microsoft.Security/assessments/{assessmentName}'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_automations_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_automations_operations.py new file mode 100644 index 000000000000..e2b432ba4be7 --- /dev/null +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_automations_operations.py @@ -0,0 +1,437 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class AutomationsOperations(object): + """AutomationsOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2019-01-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2019-01-01-preview" + + self.config = config + + def list( + self, custom_headers=None, raw=False, **operation_config): + """Lists all the security automations in the specified subscription. Use + the 'nextLink' property in the response to get the next page of + security automations for the specified subscription. + + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of Automation + :rtype: + ~azure.mgmt.security.models.AutomationPaged[~azure.mgmt.security.models.Automation] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.AutomationPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/automations'} + + def list_by_resource_group( + self, resource_group_name, custom_headers=None, raw=False, **operation_config): + """Lists all the security automations in the specified resource group. Use + the 'nextLink' property in the response to get the next page of + security automations for the specified resource group. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of Automation + :rtype: + ~azure.mgmt.security.models.AutomationPaged[~azure.mgmt.security.models.Automation] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list_by_resource_group.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.AutomationPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list_by_resource_group.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/automations'} + + def get( + self, resource_group_name, automation_name, custom_headers=None, raw=False, **operation_config): + """Retrieves information about the model of a security automation. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param automation_name: The security automation name. + :type automation_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: Automation or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.Automation or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'automationName': self._serialize.url("automation_name", automation_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Automation', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/automations/{automationName}'} + + def create_or_update( + self, resource_group_name, automation_name, automation, custom_headers=None, raw=False, **operation_config): + """Creates or updates a security automation. If a security automation is + already created and a subsequent request is issued for the same + automation id, then it will be updated. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param automation_name: The security automation name. + :type automation_name: str + :param automation: The security automation resource + :type automation: ~azure.mgmt.security.models.Automation + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: Automation or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.Automation or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'automationName': self._serialize.url("automation_name", automation_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(automation, 'Automation') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 201]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('Automation', response) + if response.status_code == 201: + deserialized = self._deserialize('Automation', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/automations/{automationName}'} + + def delete( + self, resource_group_name, automation_name, custom_headers=None, raw=False, **operation_config): + """Deletes a security automation. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param automation_name: The security automation name. + :type automation_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: None or ClientRawResponse if raw=true + :rtype: None or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.delete.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'automationName': self._serialize.url("automation_name", automation_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [204]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/automations/{automationName}'} + + def validate( + self, resource_group_name, automation_name, automation, custom_headers=None, raw=False, **operation_config): + """Validates the security automation model before create or update. Any + validation errors are returned to the client. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param automation_name: The security automation name. + :type automation_name: str + :param automation: The security automation resource + :type automation: ~azure.mgmt.security.models.Automation + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: AutomationValidationStatus or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.AutomationValidationStatus or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.validate.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'automationName': self._serialize.url("automation_name", automation_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(automation, 'Automation') + + # Construct and send request + request = self._client.post(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('AutomationValidationStatus', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + validate.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/automations/{automationName}/validate'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_device_security_groups_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_device_security_groups_operations.py new file mode 100644 index 000000000000..581733e3c324 --- /dev/null +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_device_security_groups_operations.py @@ -0,0 +1,298 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class DeviceSecurityGroupsOperations(object): + """DeviceSecurityGroupsOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2019-08-01". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2019-08-01" + + self.config = config + + def list( + self, resource_id, custom_headers=None, raw=False, **operation_config): + """Use this method get the list of device security groups for the + specified IoT Hub resource. + + :param resource_id: The identifier of the resource. + :type resource_id: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of DeviceSecurityGroup + :rtype: + ~azure.mgmt.security.models.DeviceSecurityGroupPaged[~azure.mgmt.security.models.DeviceSecurityGroup] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'resourceId': self._serialize.url("resource_id", resource_id, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.DeviceSecurityGroupPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/{resourceId}/providers/Microsoft.Security/deviceSecurityGroups'} + + def get( + self, resource_id, device_security_group_name, custom_headers=None, raw=False, **operation_config): + """Use this method to get the device security group for the specified IoT + Hub resource. + + :param resource_id: The identifier of the resource. + :type resource_id: str + :param device_security_group_name: The name of the device security + group. Note that the name of the device security group is case + insensitive. + :type device_security_group_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: DeviceSecurityGroup or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.DeviceSecurityGroup or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'resourceId': self._serialize.url("resource_id", resource_id, 'str'), + 'deviceSecurityGroupName': self._serialize.url("device_security_group_name", device_security_group_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeviceSecurityGroup', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/{resourceId}/providers/Microsoft.Security/deviceSecurityGroups/{deviceSecurityGroupName}'} + + def create_or_update( + self, resource_id, device_security_group_name, device_security_group, custom_headers=None, raw=False, **operation_config): + """Use this method to creates or updates the device security group on a + specified IoT Hub resource. + + :param resource_id: The identifier of the resource. + :type resource_id: str + :param device_security_group_name: The name of the device security + group. Note that the name of the device security group is case + insensitive. + :type device_security_group_name: str + :param device_security_group: Security group object. + :type device_security_group: + ~azure.mgmt.security.models.DeviceSecurityGroup + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: DeviceSecurityGroup or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.DeviceSecurityGroup or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.create_or_update.metadata['url'] + path_format_arguments = { + 'resourceId': self._serialize.url("resource_id", resource_id, 'str'), + 'deviceSecurityGroupName': self._serialize.url("device_security_group_name", device_security_group_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct body + body_content = self._serialize.body(device_security_group, 'DeviceSecurityGroup') + + # Construct and send request + request = self._client.put(url, query_parameters, header_parameters, body_content) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 201]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('DeviceSecurityGroup', response) + if response.status_code == 201: + deserialized = self._deserialize('DeviceSecurityGroup', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + create_or_update.metadata = {'url': '/{resourceId}/providers/Microsoft.Security/deviceSecurityGroups/{deviceSecurityGroupName}'} + + def delete( + self, resource_id, device_security_group_name, custom_headers=None, raw=False, **operation_config): + """User this method to deletes the device security group. + + :param resource_id: The identifier of the resource. + :type resource_id: str + :param device_security_group_name: The name of the device security + group. Note that the name of the device security group is case + insensitive. + :type device_security_group_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: None or ClientRawResponse if raw=true + :rtype: None or ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.delete.metadata['url'] + path_format_arguments = { + 'resourceId': self._serialize.url("resource_id", resource_id, 'str'), + 'deviceSecurityGroupName': self._serialize.url("device_security_group_name", device_security_group_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.delete(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200, 204]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + if raw: + client_raw_response = ClientRawResponse(None, response) + return client_raw_response + delete.metadata = {'url': '/{resourceId}/providers/Microsoft.Security/deviceSecurityGroups/{deviceSecurityGroupName}'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_discovered_security_solutions_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_discovered_security_solutions_operations.py index bd553e4567fd..eea089387375 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_discovered_security_solutions_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_discovered_security_solutions_operations.py @@ -25,7 +25,7 @@ class DiscoveredSecuritySolutionsOperations(object): :param config: Configuration of service client. :param serializer: An object model serializer. :param deserializer: An object model deserializer. - :ivar api_version: API version for the operation. Constant value: "2015-06-01-preview". + :ivar api_version: API version for the operation. Constant value: "2020-01-01". """ models = models @@ -35,7 +35,7 @@ def __init__(self, client, config, serializer, deserializer): self._client = client self._serialize = serializer self._deserialize = deserializer - self.api_version = "2015-06-01-preview" + self.api_version = "2020-01-01" self.config = config diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_external_security_solutions_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_external_security_solutions_operations.py index 69b6019e5e25..338fe0a9f69b 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_external_security_solutions_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_external_security_solutions_operations.py @@ -25,7 +25,7 @@ class ExternalSecuritySolutionsOperations(object): :param config: Configuration of service client. :param serializer: An object model serializer. :param deserializer: An object model deserializer. - :ivar api_version: API version for the operation. Constant value: "2015-06-01-preview". + :ivar api_version: API version for the operation. Constant value: "2020-01-01". """ models = models @@ -35,7 +35,7 @@ def __init__(self, client, config, serializer, deserializer): self._client = client self._serialize = serializer self._deserialize = deserializer - self.api_version = "2015-06-01-preview" + self.api_version = "2020-01-01" self.config = config diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_information_protection_policies_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_information_protection_policies_operations.py index 9ee97c1bbf93..76f6181dd554 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_information_protection_policies_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_information_protection_policies_operations.py @@ -103,7 +103,7 @@ def get( get.metadata = {'url': '/{scope}/providers/Microsoft.Security/informationProtectionPolicies/{informationProtectionPolicyName}'} def create_or_update( - self, scope, information_protection_policy_name, custom_headers=None, raw=False, **operation_config): + self, scope, information_protection_policy_name, labels=None, information_types=None, custom_headers=None, raw=False, **operation_config): """Details of the information protection policy. :param scope: Scope of the query, can be subscription @@ -113,6 +113,11 @@ def create_or_update( :param information_protection_policy_name: Name of the information protection policy. Possible values include: 'effective', 'custom' :type information_protection_policy_name: str + :param labels: Dictionary of sensitivity labels. + :type labels: dict[str, ~azure.mgmt.security.models.SensitivityLabel] + :param information_types: The sensitivity information types. + :type information_types: dict[str, + ~azure.mgmt.security.models.InformationType] :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the deserialized response @@ -123,6 +128,8 @@ def create_or_update( ~msrest.pipeline.ClientRawResponse :raises: :class:`CloudError` """ + information_protection_policy = models.InformationProtectionPolicy(labels=labels, information_types=information_types) + # Construct URL url = self.create_or_update.metadata['url'] path_format_arguments = { @@ -138,6 +145,7 @@ def create_or_update( # Construct headers header_parameters = {} header_parameters['Accept'] = 'application/json' + header_parameters['Content-Type'] = 'application/json; charset=utf-8' if self.config.generate_client_request_id: header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) if custom_headers: @@ -145,8 +153,11 @@ def create_or_update( if self.config.accept_language is not None: header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + # Construct body + body_content = self._serialize.body(information_protection_policy, 'InformationProtectionPolicy') + # Construct and send request - request = self._client.put(url, query_parameters, header_parameters) + request = self._client.put(url, query_parameters, header_parameters, body_content) response = self._client.send(request, stream=False, **operation_config) if response.status_code not in [200, 201]: diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_aggregated_alerts_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_aggregated_alerts_operations.py deleted file mode 100644 index 8e47ea54d879..000000000000 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_aggregated_alerts_operations.py +++ /dev/null @@ -1,117 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -import uuid -from msrest.pipeline import ClientRawResponse -from msrestazure.azure_exceptions import CloudError - -from .. import models - - -class IoTSecuritySolutionsAnalyticsAggregatedAlertsOperations(object): - """IoTSecuritySolutionsAnalyticsAggregatedAlertsOperations operations. - - You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. - - :param client: Client for service requests. - :param config: Configuration of service client. - :param serializer: An object model serializer. - :param deserializer: An object model deserializer. - :ivar api_version: API version for the operation. Constant value: "2019-08-01". - """ - - models = models - - def __init__(self, client, config, serializer, deserializer): - - self._client = client - self._serialize = serializer - self._deserialize = deserializer - self.api_version = "2019-08-01" - - self.config = config - - def list( - self, resource_group_name, solution_name, top=None, custom_headers=None, raw=False, **operation_config): - """Security Analytics of a security solution. - - :param resource_group_name: The name of the resource group within the - user's subscription. The name is case insensitive. - :type resource_group_name: str - :param solution_name: The solution manager name - :type solution_name: str - :param top: The number of results to retrieve. - :type top: int - :param dict custom_headers: headers that will be added to the request - :param bool raw: returns the direct response alongside the - deserialized response - :param operation_config: :ref:`Operation configuration - overrides`. - :return: An iterator like instance of IoTSecurityAggregatedAlert - :rtype: - ~azure.mgmt.security.models.IoTSecurityAggregatedAlertPaged[~azure.mgmt.security.models.IoTSecurityAggregatedAlert] - :raises: :class:`CloudError` - """ - def prepare_request(next_link=None): - if not next_link: - # Construct URL - url = self.list.metadata['url'] - path_format_arguments = { - 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'solutionName': self._serialize.url("solution_name", solution_name, 'str') - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} - query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') - if top is not None: - query_parameters['$top'] = self._serialize.query("top", top, 'int') - - else: - url = next_link - query_parameters = {} - - # Construct headers - header_parameters = {} - header_parameters['Accept'] = 'application/json' - if self.config.generate_client_request_id: - header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) - if custom_headers: - header_parameters.update(custom_headers) - if self.config.accept_language is not None: - header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') - - # Construct and send request - request = self._client.get(url, query_parameters, header_parameters) - return request - - def internal_paging(next_link=None): - request = prepare_request(next_link) - - response = self._client.send(request, stream=False, **operation_config) - - if response.status_code not in [200]: - exp = CloudError(response) - exp.request_id = response.headers.get('x-ms-request-id') - raise exp - - return response - - # Deserialize response - header_dict = None - if raw: - header_dict = {} - deserialized = models.IoTSecurityAggregatedAlertPaged(internal_paging, self._deserialize.dependencies, header_dict) - - return deserialized - list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedAlerts'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_recommendation_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_recommendation_operations.py deleted file mode 100644 index 3e251e9f060e..000000000000 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_recommendation_operations.py +++ /dev/null @@ -1,108 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -import uuid -from msrest.pipeline import ClientRawResponse -from msrestazure.azure_exceptions import CloudError - -from .. import models - - -class IoTSecuritySolutionsAnalyticsRecommendationOperations(object): - """IoTSecuritySolutionsAnalyticsRecommendationOperations operations. - - You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. - - :param client: Client for service requests. - :param config: Configuration of service client. - :param serializer: An object model serializer. - :param deserializer: An object model deserializer. - :ivar api_version: API version for the operation. Constant value: "2019-08-01". - """ - - models = models - - def __init__(self, client, config, serializer, deserializer): - - self._client = client - self._serialize = serializer - self._deserialize = deserializer - self.api_version = "2019-08-01" - - self.config = config - - def get( - self, resource_group_name, solution_name, aggregated_recommendation_name, custom_headers=None, raw=False, **operation_config): - """Security Analytics of a security solution. - - :param resource_group_name: The name of the resource group within the - user's subscription. The name is case insensitive. - :type resource_group_name: str - :param solution_name: The solution manager name - :type solution_name: str - :param aggregated_recommendation_name: Identifier of the aggregated - recommendation - :type aggregated_recommendation_name: str - :param dict custom_headers: headers that will be added to the request - :param bool raw: returns the direct response alongside the - deserialized response - :param operation_config: :ref:`Operation configuration - overrides`. - :return: IoTSecurityAggregatedRecommendation or ClientRawResponse if - raw=true - :rtype: - ~azure.mgmt.security.models.IoTSecurityAggregatedRecommendation or - ~msrest.pipeline.ClientRawResponse - :raises: :class:`CloudError` - """ - # Construct URL - url = self.get.metadata['url'] - path_format_arguments = { - 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), - 'solutionName': self._serialize.url("solution_name", solution_name, 'str'), - 'aggregatedRecommendationName': self._serialize.url("aggregated_recommendation_name", aggregated_recommendation_name, 'str') - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} - query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') - - # Construct headers - header_parameters = {} - header_parameters['Accept'] = 'application/json' - if self.config.generate_client_request_id: - header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) - if custom_headers: - header_parameters.update(custom_headers) - if self.config.accept_language is not None: - header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') - - # Construct and send request - request = self._client.get(url, query_parameters, header_parameters) - response = self._client.send(request, stream=False, **operation_config) - - if response.status_code not in [200]: - exp = CloudError(response) - exp.request_id = response.headers.get('x-ms-request-id') - raise exp - - deserialized = None - if response.status_code == 200: - deserialized = self._deserialize('IoTSecurityAggregatedRecommendation', response) - - if raw: - client_raw_response = ClientRawResponse(deserialized, response) - return client_raw_response - - return deserialized - get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedRecommendations/{aggregatedRecommendationName}'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_resource_group_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_resource_group_operations.py deleted file mode 100644 index 1536a6eb452c..000000000000 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_resource_group_operations.py +++ /dev/null @@ -1,115 +0,0 @@ -# coding=utf-8 -# -------------------------------------------------------------------------- -# Copyright (c) Microsoft Corporation. All rights reserved. -# Licensed under the MIT License. See License.txt in the project root for -# license information. -# -# Code generated by Microsoft (R) AutoRest Code Generator. -# Changes may cause incorrect behavior and will be lost if the code is -# regenerated. -# -------------------------------------------------------------------------- - -import uuid -from msrest.pipeline import ClientRawResponse -from msrestazure.azure_exceptions import CloudError - -from .. import models - - -class IoTSecuritySolutionsResourceGroupOperations(object): - """IoTSecuritySolutionsResourceGroupOperations operations. - - You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. - - :param client: Client for service requests. - :param config: Configuration of service client. - :param serializer: An object model serializer. - :param deserializer: An object model deserializer. - :ivar api_version: API version for the operation. Constant value: "2019-08-01". - """ - - models = models - - def __init__(self, client, config, serializer, deserializer): - - self._client = client - self._serialize = serializer - self._deserialize = deserializer - self.api_version = "2019-08-01" - - self.config = config - - def list( - self, resource_group_name, filter=None, custom_headers=None, raw=False, **operation_config): - """List of security solutions. - - :param resource_group_name: The name of the resource group within the - user's subscription. The name is case insensitive. - :type resource_group_name: str - :param filter: filter the Security Solution with OData syntax. - supporting filter by iotHubs - :type filter: str - :param dict custom_headers: headers that will be added to the request - :param bool raw: returns the direct response alongside the - deserialized response - :param operation_config: :ref:`Operation configuration - overrides`. - :return: An iterator like instance of IoTSecuritySolutionModel - :rtype: - ~azure.mgmt.security.models.IoTSecuritySolutionModelPaged[~azure.mgmt.security.models.IoTSecuritySolutionModel] - :raises: :class:`CloudError` - """ - def prepare_request(next_link=None): - if not next_link: - # Construct URL - url = self.list.metadata['url'] - path_format_arguments = { - 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), - 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$') - } - url = self._client.format_url(url, **path_format_arguments) - - # Construct parameters - query_parameters = {} - query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') - if filter is not None: - query_parameters['$filter'] = self._serialize.query("filter", filter, 'str') - - else: - url = next_link - query_parameters = {} - - # Construct headers - header_parameters = {} - header_parameters['Accept'] = 'application/json' - if self.config.generate_client_request_id: - header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) - if custom_headers: - header_parameters.update(custom_headers) - if self.config.accept_language is not None: - header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') - - # Construct and send request - request = self._client.get(url, query_parameters, header_parameters) - return request - - def internal_paging(next_link=None): - request = prepare_request(next_link) - - response = self._client.send(request, stream=False, **operation_config) - - if response.status_code not in [200]: - exp = CloudError(response) - exp.request_id = response.headers.get('x-ms-request-id') - raise exp - - return response - - # Deserialize response - header_dict = None - if raw: - header_dict = {} - deserialized = models.IoTSecuritySolutionModelPaged(internal_paging, self._deserialize.dependencies, header_dict) - - return deserialized - list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_security_solution_analytics_operations.py similarity index 89% rename from sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_operations.py rename to sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_security_solution_analytics_operations.py index 70e6b43692b5..a7ee65858d04 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_security_solution_analytics_operations.py @@ -16,8 +16,8 @@ from .. import models -class IoTSecuritySolutionsAnalyticsOperations(object): - """IoTSecuritySolutionsAnalyticsOperations operations. +class IotSecuritySolutionAnalyticsOperations(object): + """IotSecuritySolutionAnalyticsOperations operations. You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. @@ -39,14 +39,14 @@ def __init__(self, client, config, serializer, deserializer): self.config = config - def get_all( + def list( self, resource_group_name, solution_name, custom_headers=None, raw=False, **operation_config): - """Security Analytics of a security solution. + """Use this method to get IoT security Analytics metrics in an array. :param resource_group_name: The name of the resource group within the user's subscription. The name is case insensitive. :type resource_group_name: str - :param solution_name: The solution manager name + :param solution_name: The name of the IoT Security solution. :type solution_name: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the @@ -61,7 +61,7 @@ def get_all( :raises: :class:`CloudError` """ # Construct URL - url = self.get_all.metadata['url'] + url = self.list.metadata['url'] path_format_arguments = { 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), @@ -101,16 +101,16 @@ def get_all( return client_raw_response return deserialized - get_all.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels'} + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels'} - def get_default( + def get( self, resource_group_name, solution_name, custom_headers=None, raw=False, **operation_config): - """Security Analytics of a security solution. + """Use this method to get IoT Security Analytics metrics. :param resource_group_name: The name of the resource group within the user's subscription. The name is case insensitive. :type resource_group_name: str - :param solution_name: The solution manager name + :param solution_name: The name of the IoT Security solution. :type solution_name: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the @@ -124,7 +124,7 @@ def get_default( :raises: :class:`CloudError` """ # Construct URL - url = self.get_default.metadata['url'] + url = self.get.metadata['url'] path_format_arguments = { 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), @@ -164,4 +164,4 @@ def get_default( return client_raw_response return deserialized - get_default.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default'} + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_security_solution_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_security_solution_operations.py index 3a3c15481184..8a820da44265 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_security_solution_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_security_solution_operations.py @@ -39,14 +39,163 @@ def __init__(self, client, config, serializer, deserializer): self.config = config + def list_by_subscription( + self, filter=None, custom_headers=None, raw=False, **operation_config): + """Use this method to get the list of IoT Security solutions by + subscription. + + :param filter: Filter the IoT Security solution with OData syntax. + Supports filtering by iotHubs. + :type filter: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of IoTSecuritySolutionModel + :rtype: + ~azure.mgmt.security.models.IoTSecuritySolutionModelPaged[~azure.mgmt.security.models.IoTSecuritySolutionModel] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list_by_subscription.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + if filter is not None: + query_parameters['$filter'] = self._serialize.query("filter", filter, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.IoTSecuritySolutionModelPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list_by_subscription.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/iotSecuritySolutions'} + + def list_by_resource_group( + self, resource_group_name, filter=None, custom_headers=None, raw=False, **operation_config): + """Use this method to get the list IoT Security solutions organized by + resource group. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param filter: Filter the IoT Security solution with OData syntax. + Supports filtering by iotHubs. + :type filter: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of IoTSecuritySolutionModel + :rtype: + ~azure.mgmt.security.models.IoTSecuritySolutionModelPaged[~azure.mgmt.security.models.IoTSecuritySolutionModel] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list_by_resource_group.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + if filter is not None: + query_parameters['$filter'] = self._serialize.query("filter", filter, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.IoTSecuritySolutionModelPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list_by_resource_group.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions'} + def get( self, resource_group_name, solution_name, custom_headers=None, raw=False, **operation_config): - """Details of a specific iot security solution. + """User this method to get details of a specific IoT Security solution + based on solution name. :param resource_group_name: The name of the resource group within the user's subscription. The name is case insensitive. :type resource_group_name: str - :param solution_name: The solution manager name + :param solution_name: The name of the IoT Security solution. :type solution_name: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the @@ -101,14 +250,14 @@ def get( return deserialized get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}'} - def create( + def create_or_update( self, resource_group_name, solution_name, iot_security_solution_data, custom_headers=None, raw=False, **operation_config): - """Create new solution manager. + """Use this method to create or update yours IoT Security solution. :param resource_group_name: The name of the resource group within the user's subscription. The name is case insensitive. :type resource_group_name: str - :param solution_name: The solution manager name + :param solution_name: The name of the IoT Security solution. :type solution_name: str :param iot_security_solution_data: The security solution data :type iot_security_solution_data: @@ -124,7 +273,7 @@ def create( :raises: :class:`CloudError` """ # Construct URL - url = self.create.metadata['url'] + url = self.create_or_update.metadata['url'] path_format_arguments = { 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), @@ -170,17 +319,18 @@ def create( return client_raw_response return deserialized - create.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}'} + create_or_update.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}'} def update( self, resource_group_name, solution_name, update_iot_security_solution_data, custom_headers=None, raw=False, **operation_config): - """update existing Security Solution tags or user defined resources. To - update other fields use the CreateOrUpdate method. + """Use this method to update existing IoT Security solution tags or user + defined resources. To update other fields use the CreateOrUpdate + method. :param resource_group_name: The name of the resource group within the user's subscription. The name is case insensitive. :type resource_group_name: str - :param solution_name: The solution manager name + :param solution_name: The name of the IoT Security solution. :type solution_name: str :param update_iot_security_solution_data: The security solution data :type update_iot_security_solution_data: @@ -244,12 +394,12 @@ def update( def delete( self, resource_group_name, solution_name, custom_headers=None, raw=False, **operation_config): - """Create new solution manager. + """Use this method to delete yours IoT Security solution. :param resource_group_name: The name of the resource group within the user's subscription. The name is case insensitive. :type resource_group_name: str - :param solution_name: The solution manager name + :param solution_name: The name of the IoT Security solution. :type solution_name: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_aggregated_alert_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_security_solutions_analytics_aggregated_alert_operations.py similarity index 63% rename from sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_aggregated_alert_operations.py rename to sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_security_solutions_analytics_aggregated_alert_operations.py index b4a3340cf7e6..327bbbd5f397 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_aggregated_alert_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_security_solutions_analytics_aggregated_alert_operations.py @@ -16,8 +16,8 @@ from .. import models -class IoTSecuritySolutionsAnalyticsAggregatedAlertOperations(object): - """IoTSecuritySolutionsAnalyticsAggregatedAlertOperations operations. +class IotSecuritySolutionsAnalyticsAggregatedAlertOperations(object): + """IotSecuritySolutionsAnalyticsAggregatedAlertOperations operations. You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. @@ -39,16 +39,95 @@ def __init__(self, client, config, serializer, deserializer): self.config = config + def list( + self, resource_group_name, solution_name, top=None, custom_headers=None, raw=False, **operation_config): + """Use this method to get the aggregated alert list of yours IoT Security + solution. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param solution_name: The name of the IoT Security solution. + :type solution_name: str + :param top: Number of results to retrieve. + :type top: int + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of IoTSecurityAggregatedAlert + :rtype: + ~azure.mgmt.security.models.IoTSecurityAggregatedAlertPaged[~azure.mgmt.security.models.IoTSecurityAggregatedAlert] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'solutionName': self._serialize.url("solution_name", solution_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + if top is not None: + query_parameters['$top'] = self._serialize.query("top", top, 'int') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.IoTSecurityAggregatedAlertPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedAlerts'} + def get( self, resource_group_name, solution_name, aggregated_alert_name, custom_headers=None, raw=False, **operation_config): - """Security Analytics of a security solution. + """Use this method to get a single the aggregated alert of yours IoT + Security solution. This aggregation is performed by alert name. :param resource_group_name: The name of the resource group within the user's subscription. The name is case insensitive. :type resource_group_name: str - :param solution_name: The solution manager name + :param solution_name: The name of the IoT Security solution. :type solution_name: str - :param aggregated_alert_name: Identifier of the aggregated alert + :param aggregated_alert_name: Identifier of the aggregated alert. :type aggregated_alert_name: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the @@ -106,14 +185,14 @@ def get( def dismiss( self, resource_group_name, solution_name, aggregated_alert_name, custom_headers=None, raw=False, **operation_config): - """Security Analytics of a security solution. + """Use this method to dismiss an aggregated IoT Security Solution Alert. :param resource_group_name: The name of the resource group within the user's subscription. The name is case insensitive. :type resource_group_name: str - :param solution_name: The solution manager name + :param solution_name: The name of the IoT Security solution. :type solution_name: str - :param aggregated_alert_name: Identifier of the aggregated alert + :param aggregated_alert_name: Identifier of the aggregated alert. :type aggregated_alert_name: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_recommendations_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_security_solutions_analytics_recommendation_operations.py similarity index 54% rename from sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_recommendations_operations.py rename to sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_security_solutions_analytics_recommendation_operations.py index 3276e998ec1a..57dbc1031ce4 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_analytics_recommendations_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_iot_security_solutions_analytics_recommendation_operations.py @@ -16,8 +16,8 @@ from .. import models -class IoTSecuritySolutionsAnalyticsRecommendationsOperations(object): - """IoTSecuritySolutionsAnalyticsRecommendationsOperations operations. +class IotSecuritySolutionsAnalyticsRecommendationOperations(object): + """IotSecuritySolutionsAnalyticsRecommendationOperations operations. You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. @@ -39,16 +39,87 @@ def __init__(self, client, config, serializer, deserializer): self.config = config + def get( + self, resource_group_name, solution_name, aggregated_recommendation_name, custom_headers=None, raw=False, **operation_config): + """Use this method to get the aggregated security analytics recommendation + of yours IoT Security solution. This aggregation is performed by + recommendation name. + + :param resource_group_name: The name of the resource group within the + user's subscription. The name is case insensitive. + :type resource_group_name: str + :param solution_name: The name of the IoT Security solution. + :type solution_name: str + :param aggregated_recommendation_name: Name of the recommendation + aggregated for this query. + :type aggregated_recommendation_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: IoTSecurityAggregatedRecommendation or ClientRawResponse if + raw=true + :rtype: + ~azure.mgmt.security.models.IoTSecurityAggregatedRecommendation or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'resourceGroupName': self._serialize.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1, pattern=r'^[-\w\._\(\)]+$'), + 'solutionName': self._serialize.url("solution_name", solution_name, 'str'), + 'aggregatedRecommendationName': self._serialize.url("aggregated_recommendation_name", aggregated_recommendation_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('IoTSecurityAggregatedRecommendation', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedRecommendations/{aggregatedRecommendationName}'} + def list( self, resource_group_name, solution_name, top=None, custom_headers=None, raw=False, **operation_config): - """Security Analytics of a security solution. + """Use this method to get the list of aggregated security analytics + recommendations of yours IoT Security solution. :param resource_group_name: The name of the resource group within the user's subscription. The name is case insensitive. :type resource_group_name: str - :param solution_name: The solution manager name + :param solution_name: The name of the IoT Security solution. :type solution_name: str - :param top: The number of results to retrieve. + :param top: Number of results to retrieve. :type top: int :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_jit_network_access_policies_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_jit_network_access_policies_operations.py index 48df52e84dba..510465f574eb 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_jit_network_access_policies_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_jit_network_access_policies_operations.py @@ -25,7 +25,7 @@ class JitNetworkAccessPoliciesOperations(object): :param config: Configuration of service client. :param serializer: An object model serializer. :param deserializer: An object model deserializer. - :ivar api_version: API version for the operation. Constant value: "2015-06-01-preview". + :ivar api_version: API version for the operation. Constant value: "2020-01-01". :ivar jit_network_access_policy_initiate_type: Type of the action to do on the Just-in-Time access policy. Constant value: "initiate". """ @@ -36,7 +36,7 @@ def __init__(self, client, config, serializer, deserializer): self._client = client self._serialize = serializer self._deserialize = deserializer - self.api_version = "2015-06-01-preview" + self.api_version = "2020-01-01" self.jit_network_access_policy_initiate_type = "initiate" self.config = config @@ -511,7 +511,7 @@ def delete( delete.metadata = {'url': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/jitNetworkAccessPolicies/{jitNetworkAccessPolicyName}'} def initiate( - self, resource_group_name, jit_network_access_policy_name, virtual_machines, custom_headers=None, raw=False, **operation_config): + self, resource_group_name, jit_network_access_policy_name, virtual_machines, justification=None, custom_headers=None, raw=False, **operation_config): """Initiate a JIT access from a specific Just-in-Time policy configuration. @@ -525,6 +525,9 @@ def initiate( access for :type virtual_machines: list[~azure.mgmt.security.models.JitNetworkAccessPolicyInitiateVirtualMachine] + :param justification: The justification for making the initiate + request + :type justification: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the deserialized response @@ -535,7 +538,7 @@ def initiate( ~msrest.pipeline.ClientRawResponse :raises: :class:`CloudError` """ - body = models.JitNetworkAccessPolicyInitiateRequest(virtual_machines=virtual_machines) + body = models.JitNetworkAccessPolicyInitiateRequest(virtual_machines=virtual_machines, justification=justification) # Construct URL url = self.initiate.metadata['url'] diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_pricings_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_pricings_operations.py index 02e06e34875c..e7d4637ae20b 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_pricings_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_pricings_operations.py @@ -41,10 +41,7 @@ def __init__(self, client, config, serializer, deserializer): def list( self, custom_headers=None, raw=False, **operation_config): - """A given security pricing configuration in the subscription. Azure - Security Center is available in two pricing tiers: Free and Standard, - on multiple resource types, including Virtual machines, SQL Servers, - App service plans and Storage accounts. + """Lists Security Center pricing configurations in the subscription. :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the @@ -99,10 +96,8 @@ def list( def get( self, pricing_name, custom_headers=None, raw=False, **operation_config): - """A given security pricing configuration in the subscription. Azure - Security Center is available in two pricing tiers: Free and Standard, - on multiple resource types, including Virtual machines, SQL Servers, - App service plans and Storage accounts. + """Gets a provided Security Center pricing configuration in the + subscription. :param pricing_name: name of the pricing configuration :type pricing_name: str @@ -160,10 +155,8 @@ def get( def update( self, pricing_name, pricing_tier, custom_headers=None, raw=False, **operation_config): - """A given security pricing configuration in the subscription. Azure - Security Center is available in two pricing tiers: Free and Standard, - on multiple resource types, including Virtual machines, SQL Servers, - App service plans and Storage accounts. + """Updates a provided Security Center pricing configuration in the + subscription. :param pricing_name: name of the pricing configuration :type pricing_name: str diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_score_control_definitions_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_score_control_definitions_operations.py new file mode 100644 index 000000000000..f6f906d7034f --- /dev/null +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_score_control_definitions_operations.py @@ -0,0 +1,170 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class SecureScoreControlDefinitionsOperations(object): + """SecureScoreControlDefinitionsOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2020-01-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2020-01-01-preview" + + self.config = config + + def list( + self, custom_headers=None, raw=False, **operation_config): + """List the available security controls, their assessments, and the max + score. + + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of SecureScoreControlDefinitionItem + :rtype: + ~azure.mgmt.security.models.SecureScoreControlDefinitionItemPaged[~azure.mgmt.security.models.SecureScoreControlDefinitionItem] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.SecureScoreControlDefinitionItemPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/providers/Microsoft.Security/secureScoreControlDefinitions'} + + def list_by_subscription( + self, custom_headers=None, raw=False, **operation_config): + """For a specified subscription, list the available security controls, + their assessments, and the max score. + + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of SecureScoreControlDefinitionItem + :rtype: + ~azure.mgmt.security.models.SecureScoreControlDefinitionItemPaged[~azure.mgmt.security.models.SecureScoreControlDefinitionItem] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list_by_subscription.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.SecureScoreControlDefinitionItemPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list_by_subscription.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/secureScoreControlDefinitions'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_score_controls_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_score_controls_operations.py new file mode 100644 index 000000000000..39958690c964 --- /dev/null +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_score_controls_operations.py @@ -0,0 +1,186 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class SecureScoreControlsOperations(object): + """SecureScoreControlsOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2020-01-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2020-01-01-preview" + + self.config = config + + def list_by_secure_score( + self, secure_score_name, expand=None, custom_headers=None, raw=False, **operation_config): + """Get all security controls for a specific initiative within a scope. + + :param secure_score_name: The initiative name. For the ASC Default + initiative, use 'ascScore' as in the sample request below. + :type secure_score_name: str + :param expand: OData expand. Optional. Possible values include: + 'definition' + :type expand: str or ~azure.mgmt.security.models.ExpandControlsEnum + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of SecureScoreControlDetails + :rtype: + ~azure.mgmt.security.models.SecureScoreControlDetailsPaged[~azure.mgmt.security.models.SecureScoreControlDetails] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list_by_secure_score.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'secureScoreName': self._serialize.url("secure_score_name", secure_score_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + if expand is not None: + query_parameters['$expand'] = self._serialize.query("expand", expand, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.SecureScoreControlDetailsPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list_by_secure_score.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/secureScores/{secureScoreName}/secureScoreControls'} + + def list( + self, expand=None, custom_headers=None, raw=False, **operation_config): + """Get all security controls within a scope. + + :param expand: OData expand. Optional. Possible values include: + 'definition' + :type expand: str or ~azure.mgmt.security.models.ExpandControlsEnum + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of SecureScoreControlDetails + :rtype: + ~azure.mgmt.security.models.SecureScoreControlDetailsPaged[~azure.mgmt.security.models.SecureScoreControlDetails] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + if expand is not None: + query_parameters['$expand'] = self._serialize.query("expand", expand, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.SecureScoreControlDetailsPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/secureScoreControls'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_scores_operations.py similarity index 51% rename from sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_operations.py rename to sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_scores_operations.py index b3f222701615..bc6c14f42405 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_io_tsecurity_solutions_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_scores_operations.py @@ -16,8 +16,8 @@ from .. import models -class IoTSecuritySolutionsOperations(object): - """IoTSecuritySolutionsOperations operations. +class SecureScoresOperations(object): + """SecureScoresOperations operations. You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. @@ -25,7 +25,7 @@ class IoTSecuritySolutionsOperations(object): :param config: Configuration of service client. :param serializer: An object model serializer. :param deserializer: An object model deserializer. - :ivar api_version: API version for the operation. Constant value: "2019-08-01". + :ivar api_version: API version for the operation. Constant value: "2020-01-01-preview". """ models = models @@ -35,25 +35,23 @@ def __init__(self, client, config, serializer, deserializer): self._client = client self._serialize = serializer self._deserialize = deserializer - self.api_version = "2019-08-01" + self.api_version = "2020-01-01-preview" self.config = config def list( - self, filter=None, custom_headers=None, raw=False, **operation_config): - """List of security solutions. + self, custom_headers=None, raw=False, **operation_config): + """List secure scores for all your Security Center initiatives within your + current scope. - :param filter: filter the Security Solution with OData syntax. - supporting filter by iotHubs - :type filter: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the deserialized response :param operation_config: :ref:`Operation configuration overrides`. - :return: An iterator like instance of IoTSecuritySolutionModel + :return: An iterator like instance of SecureScoreItem :rtype: - ~azure.mgmt.security.models.IoTSecuritySolutionModelPaged[~azure.mgmt.security.models.IoTSecuritySolutionModel] + ~azure.mgmt.security.models.SecureScoreItemPaged[~azure.mgmt.security.models.SecureScoreItem] :raises: :class:`CloudError` """ def prepare_request(next_link=None): @@ -68,8 +66,6 @@ def prepare_request(next_link=None): # Construct parameters query_parameters = {} query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') - if filter is not None: - query_parameters['$filter'] = self._serialize.query("filter", filter, 'str') else: url = next_link @@ -105,7 +101,67 @@ def internal_paging(next_link=None): header_dict = None if raw: header_dict = {} - deserialized = models.IoTSecuritySolutionModelPaged(internal_paging, self._deserialize.dependencies, header_dict) + deserialized = models.SecureScoreItemPaged(internal_paging, self._deserialize.dependencies, header_dict) return deserialized - list.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/iotSecuritySolutions'} + list.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/secureScores'} + + def get( + self, secure_score_name, custom_headers=None, raw=False, **operation_config): + """Get secure score for a specific initiative within your current scope. + For the ASC Default initiative, use 'ascScore'. + + :param secure_score_name: The initiative name. For the ASC Default + initiative, use 'ascScore' as in the sample request below. + :type secure_score_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: SecureScoreItem or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.SecureScoreItem or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'subscriptionId': self._serialize.url("self.config.subscription_id", self.config.subscription_id, 'str', pattern=r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'), + 'secureScoreName': self._serialize.url("secure_score_name", secure_score_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecureScoreItem', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/secureScores/{secureScoreName}'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_settings_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_settings_operations.py index 5dcbe3cd8d9f..0fd17bfc35f6 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_settings_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_settings_operations.py @@ -165,16 +165,14 @@ def get( get.metadata = {'url': '/subscriptions/{subscriptionId}/providers/Microsoft.Security/settings/{settingName}'} def update( - self, setting_name, kind, custom_headers=None, raw=False, **operation_config): + self, setting_name, setting, custom_headers=None, raw=False, **operation_config): """updating settings about different configurations in security center. :param setting_name: Name of setting: (MCAS/WDATP). Possible values include: 'MCAS', 'WDATP' :type setting_name: str - :param kind: the kind of the settings string (DataExportSetting). - Possible values include: 'DataExportSetting', - 'AlertSuppressionSetting' - :type kind: str or ~azure.mgmt.security.models.SettingKind + :param setting: Setting object + :type setting: ~azure.mgmt.security.models.Setting :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the deserialized response @@ -185,8 +183,6 @@ def update( ~msrest.pipeline.ClientRawResponse :raises: :class:`CloudError` """ - setting = models.Setting(kind=kind) - # Construct URL url = self.update.metadata['url'] path_format_arguments = { diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_sub_assessments_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_sub_assessments_operations.py new file mode 100644 index 000000000000..c73ee21df970 --- /dev/null +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_sub_assessments_operations.py @@ -0,0 +1,253 @@ +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for +# license information. +# +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is +# regenerated. +# -------------------------------------------------------------------------- + +import uuid +from msrest.pipeline import ClientRawResponse +from msrestazure.azure_exceptions import CloudError + +from .. import models + + +class SubAssessmentsOperations(object): + """SubAssessmentsOperations operations. + + You should not instantiate directly this class, but create a Client instance that will create it for you and attach it as attribute. + + :param client: Client for service requests. + :param config: Configuration of service client. + :param serializer: An object model serializer. + :param deserializer: An object model deserializer. + :ivar api_version: API version for the operation. Constant value: "2019-01-01-preview". + """ + + models = models + + def __init__(self, client, config, serializer, deserializer): + + self._client = client + self._serialize = serializer + self._deserialize = deserializer + self.api_version = "2019-01-01-preview" + + self.config = config + + def list_all( + self, scope, custom_headers=None, raw=False, **operation_config): + """Get security sub-assessments on all your scanned resources inside a + subscription scope. + + :param scope: Scope of the query, can be subscription + (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management + group (/providers/Microsoft.Management/managementGroups/mgName). + :type scope: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of SecuritySubAssessment + :rtype: + ~azure.mgmt.security.models.SecuritySubAssessmentPaged[~azure.mgmt.security.models.SecuritySubAssessment] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list_all.metadata['url'] + path_format_arguments = { + 'scope': self._serialize.url("scope", scope, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.SecuritySubAssessmentPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list_all.metadata = {'url': '/{scope}/providers/Microsoft.Security/subAssessments'} + + def list( + self, scope, assessment_name, custom_headers=None, raw=False, **operation_config): + """Get security sub-assessments on all your scanned resources inside a + scope. + + :param scope: Scope of the query, can be subscription + (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management + group (/providers/Microsoft.Management/managementGroups/mgName). + :type scope: str + :param assessment_name: The Assessment Key - Unique key for the + assessment type + :type assessment_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: An iterator like instance of SecuritySubAssessment + :rtype: + ~azure.mgmt.security.models.SecuritySubAssessmentPaged[~azure.mgmt.security.models.SecuritySubAssessment] + :raises: :class:`CloudError` + """ + def prepare_request(next_link=None): + if not next_link: + # Construct URL + url = self.list.metadata['url'] + path_format_arguments = { + 'scope': self._serialize.url("scope", scope, 'str'), + 'assessmentName': self._serialize.url("assessment_name", assessment_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + else: + url = next_link + query_parameters = {} + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + return request + + def internal_paging(next_link=None): + request = prepare_request(next_link) + + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + return response + + # Deserialize response + header_dict = None + if raw: + header_dict = {} + deserialized = models.SecuritySubAssessmentPaged(internal_paging, self._deserialize.dependencies, header_dict) + + return deserialized + list.metadata = {'url': '/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments'} + + def get( + self, scope, assessment_name, sub_assessment_name, custom_headers=None, raw=False, **operation_config): + """Get a security sub-assessment on your scanned resource. + + :param scope: Scope of the query, can be subscription + (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management + group (/providers/Microsoft.Management/managementGroups/mgName). + :type scope: str + :param assessment_name: The Assessment Key - Unique key for the + assessment type + :type assessment_name: str + :param sub_assessment_name: The Sub-Assessment Key - Unique key for + the sub-assessment type + :type sub_assessment_name: str + :param dict custom_headers: headers that will be added to the request + :param bool raw: returns the direct response alongside the + deserialized response + :param operation_config: :ref:`Operation configuration + overrides`. + :return: SecuritySubAssessment or ClientRawResponse if raw=true + :rtype: ~azure.mgmt.security.models.SecuritySubAssessment or + ~msrest.pipeline.ClientRawResponse + :raises: :class:`CloudError` + """ + # Construct URL + url = self.get.metadata['url'] + path_format_arguments = { + 'scope': self._serialize.url("scope", scope, 'str'), + 'assessmentName': self._serialize.url("assessment_name", assessment_name, 'str'), + 'subAssessmentName': self._serialize.url("sub_assessment_name", sub_assessment_name, 'str') + } + url = self._client.format_url(url, **path_format_arguments) + + # Construct parameters + query_parameters = {} + query_parameters['api-version'] = self._serialize.query("self.api_version", self.api_version, 'str') + + # Construct headers + header_parameters = {} + header_parameters['Accept'] = 'application/json' + if self.config.generate_client_request_id: + header_parameters['x-ms-client-request-id'] = str(uuid.uuid1()) + if custom_headers: + header_parameters.update(custom_headers) + if self.config.accept_language is not None: + header_parameters['accept-language'] = self._serialize.header("self.config.accept_language", self.config.accept_language, 'str') + + # Construct and send request + request = self._client.get(url, query_parameters, header_parameters) + response = self._client.send(request, stream=False, **operation_config) + + if response.status_code not in [200]: + exp = CloudError(response) + exp.request_id = response.headers.get('x-ms-request-id') + raise exp + + deserialized = None + if response.status_code == 200: + deserialized = self._deserialize('SecuritySubAssessment', response) + + if raw: + client_raw_response = ClientRawResponse(deserialized, response) + return client_raw_response + + return deserialized + get.metadata = {'url': '/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/subAssessments/{subAssessmentName}'} diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_topology_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_topology_operations.py index 1d6e616bb498..1f9aca1403f9 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_topology_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_topology_operations.py @@ -25,7 +25,7 @@ class TopologyOperations(object): :param config: Configuration of service client. :param serializer: An object model serializer. :param deserializer: An object model deserializer. - :ivar api_version: API version for the operation. Constant value: "2015-06-01-preview". + :ivar api_version: API version for the operation. Constant value: "2020-01-01". """ models = models @@ -35,7 +35,7 @@ def __init__(self, client, config, serializer, deserializer): self._client = client self._serialize = serializer self._deserialize = deserializer - self.api_version = "2015-06-01-preview" + self.api_version = "2020-01-01" self.config = config diff --git a/sdk/security/azure-mgmt-security/setup.py b/sdk/security/azure-mgmt-security/setup.py index 92d40c6d820d..2a22fe282f2e 100644 --- a/sdk/security/azure-mgmt-security/setup.py +++ b/sdk/security/azure-mgmt-security/setup.py @@ -36,7 +36,9 @@ pass # Version extraction inspired from 'requests' -with open(os.path.join(package_folder_path, 'version.py'), 'r') as fd: +with open(os.path.join(package_folder_path, 'version.py') + if os.path.exists(os.path.join(package_folder_path, 'version.py')) + else os.path.join(package_folder_path, '_version.py'), 'r') as fd: version = re.search(r'^VERSION\s*=\s*[\'"]([^\'"]*)[\'"]', fd.read(), re.MULTILINE).group(1) @@ -67,6 +69,7 @@ 'Programming Language :: Python :: 3.5', 'Programming Language :: Python :: 3.6', 'Programming Language :: Python :: 3.7', + 'Programming Language :: Python :: 3.8', 'License :: OSI Approved :: MIT License', ], zip_safe=False, From cfe951e06585c41fb682ba77f5fc5116e4f934d4 Mon Sep 17 00:00:00 2001 From: SDK Automation Date: Wed, 27 May 2020 21:08:26 +0000 Subject: [PATCH 2/2] Generated from fc3a4f33a3ae7ea66c76d4384d278e4631344cd7 v1 --- .../azure/mgmt/security/models/_models.py | 27 ++++++++++--------- .../azure/mgmt/security/models/_models_py3.py | 27 ++++++++++--------- ...re_score_control_definitions_operations.py | 7 +++-- .../_secure_score_controls_operations.py | 7 +++-- .../operations/_secure_scores_operations.py | 9 +++---- 5 files changed, 37 insertions(+), 40 deletions(-) diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models.py index d6d9e2596d17..8bcf6c196a75 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models.py @@ -5072,7 +5072,7 @@ def __init__(self, **kwargs): class SecureScoreControlDefinitionItem(Resource): - """Information about the security control. + """Secure Score Control's Definition information. Variables are only populated by the server, and will be ignored when sending a request. @@ -5092,8 +5092,8 @@ class SecureScoreControlDefinitionItem(Resource): :ivar source: Source object from which the control was created :vartype source: ~azure.mgmt.security.models.SecureScoreControlDefinitionSource - :ivar assessment_definitions: Array of assessments metadata IDs that are - included in this security control + :ivar assessment_definitions: array of assessments metadata IDs that are + included in this control :vartype assessment_definitions: list[~azure.mgmt.security.models.AzureResourceLink] """ @@ -5130,10 +5130,12 @@ def __init__(self, **kwargs): class SecureScoreControlDefinitionSource(Model): - """The type of the security control (For example, BuiltIn). + """representing the source of the control. - :param source_type: The type of security control (for example, BuiltIn). - Possible values include: 'BuiltIn', 'Custom' + :param source_type: BuiltIn if the control is built-in from Azure Security + Center managed assessments, Custom (Future) if the assessment based on + custom Azure Policy definition, CustomerManaged (future) for customers who + build their own controls. Possible values include: 'BuiltIn', 'Custom' :type source_type: str or ~azure.mgmt.security.models.ControlType """ @@ -5147,8 +5149,7 @@ def __init__(self, **kwargs): class SecureScoreControlDetails(Resource): - """Details of the security control, its score, and the health status of the - relevant resources. + """Secure score control (calculated) object. Variables are only populated by the server, and will be ignored when sending a request. @@ -5161,9 +5162,9 @@ class SecureScoreControlDetails(Resource): :vartype type: str :ivar display_name: User friendly display name of the control :vartype display_name: str - :ivar max: Maximum score available + :ivar max: Maximum score applicable :vartype max: int - :ivar current: Current score + :ivar current: Actual score :vartype current: float :ivar healthy_resource_count: Number of healthy resources in the control :vartype healthy_resource_count: int @@ -5255,11 +5256,11 @@ class SecureScoreItem(Resource): :vartype name: str :ivar type: Resource type :vartype type: str - :ivar display_name: The initiative’s name + :ivar display_name: User friendly display name of the secure score item :vartype display_name: str - :ivar max: Maximum score available + :ivar max: Maximum score applicable :vartype max: int - :ivar current: Current score + :ivar current: Actual score :vartype current: float """ diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models_py3.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models_py3.py index 0a92ed90bee4..acab792f90e7 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models_py3.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/models/_models_py3.py @@ -5072,7 +5072,7 @@ def __init__(self, *, additional_properties=None, field: str=None, **kwargs) -> class SecureScoreControlDefinitionItem(Resource): - """Information about the security control. + """Secure Score Control's Definition information. Variables are only populated by the server, and will be ignored when sending a request. @@ -5092,8 +5092,8 @@ class SecureScoreControlDefinitionItem(Resource): :ivar source: Source object from which the control was created :vartype source: ~azure.mgmt.security.models.SecureScoreControlDefinitionSource - :ivar assessment_definitions: Array of assessments metadata IDs that are - included in this security control + :ivar assessment_definitions: array of assessments metadata IDs that are + included in this control :vartype assessment_definitions: list[~azure.mgmt.security.models.AzureResourceLink] """ @@ -5130,10 +5130,12 @@ def __init__(self, **kwargs) -> None: class SecureScoreControlDefinitionSource(Model): - """The type of the security control (For example, BuiltIn). + """representing the source of the control. - :param source_type: The type of security control (for example, BuiltIn). - Possible values include: 'BuiltIn', 'Custom' + :param source_type: BuiltIn if the control is built-in from Azure Security + Center managed assessments, Custom (Future) if the assessment based on + custom Azure Policy definition, CustomerManaged (future) for customers who + build their own controls. Possible values include: 'BuiltIn', 'Custom' :type source_type: str or ~azure.mgmt.security.models.ControlType """ @@ -5147,8 +5149,7 @@ def __init__(self, *, source_type=None, **kwargs) -> None: class SecureScoreControlDetails(Resource): - """Details of the security control, its score, and the health status of the - relevant resources. + """Secure score control (calculated) object. Variables are only populated by the server, and will be ignored when sending a request. @@ -5161,9 +5162,9 @@ class SecureScoreControlDetails(Resource): :vartype type: str :ivar display_name: User friendly display name of the control :vartype display_name: str - :ivar max: Maximum score available + :ivar max: Maximum score applicable :vartype max: int - :ivar current: Current score + :ivar current: Actual score :vartype current: float :ivar healthy_resource_count: Number of healthy resources in the control :vartype healthy_resource_count: int @@ -5255,11 +5256,11 @@ class SecureScoreItem(Resource): :vartype name: str :ivar type: Resource type :vartype type: str - :ivar display_name: The initiative’s name + :ivar display_name: User friendly display name of the secure score item :vartype display_name: str - :ivar max: Maximum score available + :ivar max: Maximum score applicable :vartype max: int - :ivar current: Current score + :ivar current: Actual score :vartype current: float """ diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_score_control_definitions_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_score_control_definitions_operations.py index f6f906d7034f..c33eb8febabf 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_score_control_definitions_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_score_control_definitions_operations.py @@ -41,8 +41,7 @@ def __init__(self, client, config, serializer, deserializer): def list( self, custom_headers=None, raw=False, **operation_config): - """List the available security controls, their assessments, and the max - score. + """Get definition information on all secure score controls. :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the @@ -104,8 +103,8 @@ def internal_paging(next_link=None): def list_by_subscription( self, custom_headers=None, raw=False, **operation_config): - """For a specified subscription, list the available security controls, - their assessments, and the max score. + """Get definition information on all secure score controls in subscription + level. :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_score_controls_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_score_controls_operations.py index 39958690c964..4ef8a3986b0a 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_score_controls_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_score_controls_operations.py @@ -41,10 +41,9 @@ def __init__(self, client, config, serializer, deserializer): def list_by_secure_score( self, secure_score_name, expand=None, custom_headers=None, raw=False, **operation_config): - """Get all security controls for a specific initiative within a scope. + """Get all secure score controls on specific initiatives inside a scope. - :param secure_score_name: The initiative name. For the ASC Default - initiative, use 'ascScore' as in the sample request below. + :param secure_score_name: The secure score initiative name :type secure_score_name: str :param expand: OData expand. Optional. Possible values include: 'definition' @@ -116,7 +115,7 @@ def internal_paging(next_link=None): def list( self, expand=None, custom_headers=None, raw=False, **operation_config): - """Get all security controls within a scope. + """Get all secure score controls on specific initiatives inside a scope. :param expand: OData expand. Optional. Possible values include: 'definition' diff --git a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_scores_operations.py b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_scores_operations.py index bc6c14f42405..5d45d507dc41 100644 --- a/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_scores_operations.py +++ b/sdk/security/azure-mgmt-security/azure/mgmt/security/operations/_secure_scores_operations.py @@ -41,8 +41,7 @@ def __init__(self, client, config, serializer, deserializer): def list( self, custom_headers=None, raw=False, **operation_config): - """List secure scores for all your Security Center initiatives within your - current scope. + """Get secure scores on all your initiatives inside a scope. :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the @@ -108,11 +107,9 @@ def internal_paging(next_link=None): def get( self, secure_score_name, custom_headers=None, raw=False, **operation_config): - """Get secure score for a specific initiative within your current scope. - For the ASC Default initiative, use 'ascScore'. + """Get secure score for a specific initiatives inside a scope. - :param secure_score_name: The initiative name. For the ASC Default - initiative, use 'ascScore' as in the sample request below. + :param secure_score_name: The secure score initiative name :type secure_score_name: str :param dict custom_headers: headers that will be added to the request :param bool raw: returns the direct response alongside the