diff --git a/custom-words.txt b/custom-words.txt
index 35c64a9ec0bb..f58ce8aa679d 100644
--- a/custom-words.txt
+++ b/custom-words.txt
@@ -2263,3 +2263,4 @@ DOCM
multislot
Tebibytes
privatelinkservicesforpowerbi
+Obuscated
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json
new file mode 100644
index 000000000000..b130a9c0569e
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json
@@ -0,0 +1,1113 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "title": "Security Center",
+ "description": "API spec for Microsoft.Security (Azure Security Center) resource provider",
+ "version": "2021-06-01"
+ },
+ "host": "management.azure.com",
+ "schemes": [
+ "https"
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "security": [
+ {
+ "azure_auth": [
+ "user_impersonation"
+ ]
+ }
+ ],
+ "securityDefinitions": {
+ "azure_auth": {
+ "type": "oauth2",
+ "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+ "flow": "implicit",
+ "description": "Azure Active Directory OAuth2 Flow",
+ "scopes": {
+ "user_impersonation": "impersonate your user account"
+ }
+ }
+ },
+ "paths": {
+ "/providers/Microsoft.Security/assessmentMetadata": {
+ "get": {
+ "x-ms-examples": {
+ "List security assessment metadata": {
+ "$ref": "./examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Get metadata information on all assessment types",
+ "operationId": "AssessmentsMetadata_List",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataResponseList"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ }
+ }
+ },
+ "/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}": {
+ "get": {
+ "x-ms-examples": {
+ "Get security assessment metadata": {
+ "$ref": "./examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Get metadata information on an assessment type",
+ "operationId": "AssessmentsMetadata_Get",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "#/parameters/AssessmentsMetadataName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataResponse"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata": {
+ "get": {
+ "x-ms-examples": {
+ "List security assessment metadata for subscription": {
+ "$ref": "./examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Get metadata information on all assessment types in a specific subscription",
+ "operationId": "AssessmentsMetadata_ListBySubscription",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataResponseList"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}": {
+ "get": {
+ "x-ms-examples": {
+ "Get security assessment metadata for subscription": {
+ "$ref": "./examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Get metadata information on an assessment type in a specific subscription",
+ "operationId": "AssessmentsMetadata_GetInSubscription",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "#/parameters/AssessmentsMetadataName"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataResponse"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "put": {
+ "x-ms-examples": {
+ "Create security assessment metadata for subscription": {
+ "$ref": "./examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Create metadata information on an assessment type in a specific subscription",
+ "operationId": "AssessmentsMetadata_CreateInSubscription",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "#/parameters/AssessmentsMetadataName"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ },
+ {
+ "$ref": "#/parameters/SecurityAssessmentMetadataResponse"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataResponse"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "delete": {
+ "x-ms-examples": {
+ "Delete a security assessment metadata for subscription": {
+ "$ref": "./examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json"
+ }
+ },
+ "tags": [
+ "Assessments Metadata"
+ ],
+ "description": "Delete metadata information on an assessment type in a specific subscription, will cause the deletion of all the assessments of that type in that subscription",
+ "operationId": "AssessmentsMetadata_DeleteInSubscription",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "#/parameters/AssessmentsMetadataName"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK"
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ }
+ },
+ "definitions": {
+ "SecurityAssessmentMetadataResponseList": {
+ "type": "object",
+ "description": "List of security assessment metadata",
+ "properties": {
+ "value": {
+ "readOnly": true,
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataResponse"
+ }
+ },
+ "nextLink": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The URI to fetch the next page."
+ }
+ }
+ },
+ "SecurityAssessmentMetadata": {
+ "type": "object",
+ "description": "Security assessment metadata",
+ "properties": {
+ "properties": {
+ "x-ms-client-flatten": true,
+ "$ref": "#/definitions/SecurityAssessmentMetadataProperties"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "../../../common/v1/types.json#/definitions/Resource"
+ }
+ ]
+ },
+ "SecurityAssessmentMetadataResponse": {
+ "type": "object",
+ "description": "Security assessment metadata response",
+ "properties": {
+ "properties": {
+ "x-ms-client-flatten": true,
+ "$ref": "#/definitions/SecurityAssessmentMetadataPropertiesResponse"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "../../../common/v1/types.json#/definitions/Resource"
+ }
+ ]
+ },
+ "SecurityAssessmentMetadataProperties": {
+ "type": "object",
+ "description": "Describes properties of an assessment metadata.",
+ "properties": {
+ "displayName": {
+ "type": "string",
+ "description": "User friendly display name of the assessment"
+ },
+ "policyDefinitionId": {
+ "readOnly": true,
+ "type": "string",
+ "description": "Azure resource ID of the policy definition that turns this assessment calculation on"
+ },
+ "description": {
+ "type": "string",
+ "description": "Human readable description of the assessment"
+ },
+ "remediationDescription": {
+ "type": "string",
+ "description": "Human readable description of what you should do to mitigate this security issue"
+ },
+ "categories": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "description": "The categories of resource that is at risk when the assessment is unhealthy",
+ "enum": [
+ "Compute",
+ "Networking",
+ "Data",
+ "IdentityAndAccess",
+ "IoT"
+ ],
+ "x-ms-enum": {
+ "name": "categories",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Compute"
+ },
+ {
+ "value": "Networking"
+ },
+ {
+ "value": "Data"
+ },
+ {
+ "value": "IdentityAndAccess"
+ },
+ {
+ "value": "IoT"
+ }
+ ]
+ }
+ }
+ },
+ "severity": {
+ "type": "string",
+ "description": "The severity level of the assessment",
+ "enum": [
+ "Low",
+ "Medium",
+ "High"
+ ],
+ "x-ms-enum": {
+ "name": "severity",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Low"
+ },
+ {
+ "value": "Medium"
+ },
+ {
+ "value": "High"
+ }
+ ]
+ }
+ },
+ "userImpact": {
+ "type": "string",
+ "description": "The user impact of the assessment",
+ "enum": [
+ "Low",
+ "Moderate",
+ "High"
+ ],
+ "x-ms-enum": {
+ "name": "userImpact",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Low"
+ },
+ {
+ "value": "Moderate"
+ },
+ {
+ "value": "High"
+ }
+ ]
+ }
+ },
+ "implementationEffort": {
+ "type": "string",
+ "description": "The implementation effort required to remediate this assessment",
+ "enum": [
+ "Low",
+ "Moderate",
+ "High"
+ ],
+ "x-ms-enum": {
+ "name": "implementationEffort",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Low"
+ },
+ {
+ "value": "Moderate"
+ },
+ {
+ "value": "High"
+ }
+ ]
+ }
+ },
+ "threats": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "description": "Threats impact of the assessment",
+ "enum": [
+ "accountBreach",
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider",
+ "elevationOfPrivilege",
+ "threatResistance",
+ "missingCoverage",
+ "denialOfService"
+ ],
+ "x-ms-enum": {
+ "name": "threats",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "accountBreach"
+ },
+ {
+ "value": "dataExfiltration"
+ },
+ {
+ "value": "dataSpillage"
+ },
+ {
+ "value": "maliciousInsider"
+ },
+ {
+ "value": "elevationOfPrivilege"
+ },
+ {
+ "value": "threatResistance"
+ },
+ {
+ "value": "missingCoverage"
+ },
+ {
+ "value": "denialOfService"
+ }
+ ]
+ }
+ }
+ },
+ "preview": {
+ "type": "boolean",
+ "description": "True if this assessment is in preview release status"
+ },
+ "assessmentType": {
+ "type": "string",
+ "description": "BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition",
+ "enum": [
+ "BuiltIn",
+ "CustomPolicy",
+ "CustomerManaged",
+ "VerifiedPartner"
+ ],
+ "x-ms-enum": {
+ "name": "assessmentType",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "BuiltIn",
+ "description": "Azure Security Center managed assessments"
+ },
+ {
+ "value": "CustomPolicy",
+ "description": "User defined policies that are automatically ingested from Azure Policy to Azure Security Center"
+ },
+ {
+ "value": "CustomerManaged",
+ "description": "User assessments pushed directly by the user or other third party to Azure Security Center"
+ },
+ {
+ "value": "VerifiedPartner",
+ "description": "An assessment that was created by a verified 3rd party if the user connected it to ASC"
+ }
+ ]
+ }
+ },
+ "partnerData": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataPartnerData"
+ }
+ },
+ "required": [
+ "displayName",
+ "severity",
+ "assessmentType"
+ ]
+ },
+ "SecurityAssessmentMetadataPartnerData": {
+ "type": "object",
+ "description": "Describes the partner that created the assessment",
+ "properties": {
+ "partnerName": {
+ "type": "string",
+ "description": "Name of the company of the partner"
+ },
+ "productName": {
+ "type": "string",
+ "description": "Name of the product of the partner that created the assessment"
+ },
+ "secret": {
+ "type": "string",
+ "description": "Secret to authenticate the partner and verify it created the assessment - write only",
+ "x-ms-secret": true
+ }
+ },
+ "required": [
+ "partnerName",
+ "secret"
+ ]
+ },
+ "SecurityAssessmentMetadataPropertiesResponse": {
+ "type": "object",
+ "description": "Describes properties of an assessment metadata response.",
+ "properties": {
+ "publishDates": {
+ "type": "object",
+ "properties": {
+ "GA": {
+ "type": "string",
+ "pattern": "^([0-9]{2}/){2}[0-9]{4}$"
+ },
+ "public": {
+ "type": "string",
+ "pattern": "^([0-9]{2}/){2}[0-9]{4}$"
+ }
+ },
+ "required": [
+ "public"
+ ]
+ },
+ "plannedDeprecationDate": {
+ "type": "string",
+ "pattern": "^[0-9]{2}/[0-9]{4}$"
+ },
+ "tactics": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "description": "Tactic of the assessment",
+ "enum": [
+ "Reconnaissance",
+ "Resource Development",
+ "Initial Access",
+ "Execution",
+ "Persistence",
+ "Privilege Escalation",
+ "Defense Evasion",
+ "Credential Access",
+ "Discovery",
+ "Lateral Movement",
+ "Collection",
+ "Command and Control",
+ "Exfiltration",
+ "Impact"
+ ],
+ "x-ms-enum": {
+ "name": "tactics",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Reconnaissance"
+ },
+ {
+ "value": "Resource Development"
+ },
+ {
+ "value": "Initial Access"
+ },
+ {
+ "value": "Execution"
+ },
+ {
+ "value": "Persistence"
+ },
+ {
+ "value": "Privilege Escalation"
+ },
+ {
+ "value": "Defense Evasion"
+ },
+ {
+ "value": "Credential Access"
+ },
+ {
+ "value": "Discovery"
+ },
+ {
+ "value": "Lateral Movement"
+ },
+ {
+ "value": "Collection"
+ },
+ {
+ "value": "Command and Control"
+ },
+ {
+ "value": "Exfiltration"
+ },
+ {
+ "value": "Impact"
+ }
+ ]
+ }
+ }
+ },
+ "techniques": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "description": "Techniques of the assessment",
+ "enum": [
+ "Abuse Elevation Control Mechanism",
+ "Access Token Manipulation",
+ "Account Discovery",
+ "Account Manipulation",
+ "Active Scanning",
+ "Application Layer Protocol",
+ "Audio Capture",
+ "Boot or Logon Autostart Execution",
+ "Boot or Logon Initialization Scripts",
+ "Brute Force",
+ "Cloud Infrastructure Discovery",
+ "Cloud Service Dashboard",
+ "Cloud Service Discovery",
+ "Command and Scripting Interpreter",
+ "Compromise Client Software Binary",
+ "Compromise Infrastructure",
+ "Container and Resource Discovery",
+ "Create Account",
+ "Create or Modify System Process",
+ "Credentials from Password Stores",
+ "Data Destruction",
+ "Data Encrypted for Impact",
+ "Data from Cloud Storage Object",
+ "Data from Configuration Repository",
+ "Data from Information Repositories",
+ "Data from Local System",
+ "Data Manipulation",
+ "Data Staged",
+ "Defacement",
+ "Deobfuscate/Decode Files or Information",
+ "Disk Wipe",
+ "Domain Trust Discovery",
+ "Drive-by Compromise",
+ "Dynamic Resolution",
+ "Endpoint Denial of Service",
+ "Event Triggered Execution",
+ "Exfiltration Over Alternative Protocol",
+ "Exploit Public-Facing Application",
+ "Exploitation for Client Execution",
+ "Exploitation for Credential Access",
+ "Exploitation for Defense Evasion",
+ "Exploitation for Privilege Escalation",
+ "Exploitation of Remote Services",
+ "External Remote Services",
+ "Fallback Channels",
+ "File and Directory Discovery",
+ "Gather Victim Network Information",
+ "Hide Artifacts",
+ "Hijack Execution Flow",
+ "Impair Defenses",
+ "Implant Container Image",
+ "Indicator Removal on Host",
+ "Indirect Command Execution",
+ "Ingress Tool Transfer",
+ "Input Capture",
+ "Inter-Process Communication",
+ "Lateral Tool Transfer",
+ "Man-in-the-Middle",
+ "Masquerading",
+ "Modify Authentication Process",
+ "Modify Registry",
+ "Network Denial of Service",
+ "Network Service Scanning",
+ "Network Sniffing",
+ "Non-Application Layer Protocol",
+ "Non-Standard Port",
+ "Obfuscated Files or Information",
+ "Obtain Capabilities",
+ "Obuscated Files or Information",
+ "Office Application Startup",
+ "OS Credential Dumping",
+ "Permission Groups Discovery",
+ "Phishing",
+ "Pre-OS Boot",
+ "Process Discovery",
+ "Process Injection",
+ "Protocol Tunneling",
+ "Proxy",
+ "Query Registry",
+ "Remote Access Software",
+ "Remote Service Session Hijacking",
+ "Remote Services",
+ "Remote System Discovery",
+ "Resource Hijacking",
+ "Scheduled Task/Job",
+ "Screen Capture",
+ "Search Victim-Owned Websites",
+ "Server Software Component",
+ "Service Stop",
+ "Signed Binary Proxy Execution",
+ "Software Deployment Tools",
+ "SQL Stored Procedures",
+ "Steal or Forge Kerberos Tickets",
+ "Subvert Trust Controls",
+ "Supply Chain Compromise",
+ "System Information Discovery",
+ "Taint Shared Content",
+ "Traffic Signaling",
+ "Transfer Data to Cloud Account",
+ "Trusted Relationship",
+ "Unsecured Credentials",
+ "User Execution",
+ "Valid Accounts",
+ "Windows Management Instrumentation",
+ "File and Directory Permissions Modification"
+ ],
+ "x-ms-enum": {
+ "name": "techniques",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Abuse Elevation Control Mechanism"
+ },
+ {
+ "value": "Access Token Manipulation"
+ },
+ {
+ "value": "Account Discovery"
+ },
+ {
+ "value": "Account Manipulation"
+ },
+ {
+ "value": "Active Scanning"
+ },
+ {
+ "value": "Application Layer Protocol"
+ },
+ {
+ "value": "Audio Capture"
+ },
+ {
+ "value": "Boot or Logon Autostart Execution"
+ },
+ {
+ "value": "Boot or Logon Initialization Scripts"
+ },
+ {
+ "value": "Brute Force"
+ },
+ {
+ "value": "Cloud Infrastructure Discovery"
+ },
+ {
+ "value": "Cloud Service Dashboard"
+ },
+ {
+ "value": "Cloud Service Discovery"
+ },
+ {
+ "value": "Command and Scripting Interpreter"
+ },
+ {
+ "value": "Compromise Client Software Binary"
+ },
+ {
+ "value": "Compromise Infrastructure"
+ },
+ {
+ "value": "Container and Resource Discovery"
+ },
+ {
+ "value": "Create Account"
+ },
+ {
+ "value": "Create or Modify System Process"
+ },
+ {
+ "value": "Credentials from Password Stores"
+ },
+ {
+ "value": "Data Destruction"
+ },
+ {
+ "value": "Data Encrypted for Impact"
+ },
+ {
+ "value": "Data from Cloud Storage Object"
+ },
+ {
+ "value": "Data from Configuration Repository"
+ },
+ {
+ "value": "Data from Information Repositories"
+ },
+ {
+ "value": "Data from Local System"
+ },
+ {
+ "value": "Data Manipulation"
+ },
+ {
+ "value": "Data Staged"
+ },
+ {
+ "value": "Defacement"
+ },
+ {
+ "value": "Deobfuscate/Decode Files or Information"
+ },
+ {
+ "value": "Disk Wipe"
+ },
+ {
+ "value": "Domain Trust Discovery"
+ },
+ {
+ "value": "Drive-by Compromise"
+ },
+ {
+ "value": "Dynamic Resolution"
+ },
+ {
+ "value": "Endpoint Denial of Service"
+ },
+ {
+ "value": "Event Triggered Execution"
+ },
+ {
+ "value": "Exfiltration Over Alternative Protocol"
+ },
+ {
+ "value": "Exploit Public-Facing Application"
+ },
+ {
+ "value": "Exploitation for Client Execution"
+ },
+ {
+ "value": "Exploitation for Credential Access"
+ },
+ {
+ "value": "Exploitation for Defense Evasion"
+ },
+ {
+ "value": "Exploitation for Privilege Escalation"
+ },
+ {
+ "value": "Exploitation of Remote Services"
+ },
+ {
+ "value": "External Remote Services"
+ },
+ {
+ "value": "Fallback Channels"
+ },
+ {
+ "value": "File and Directory Discovery"
+ },
+ {
+ "value": "Gather Victim Network Information"
+ },
+ {
+ "value": "Hide Artifacts"
+ },
+ {
+ "value": "Hijack Execution Flow"
+ },
+ {
+ "value": "Impair Defenses"
+ },
+ {
+ "value": "Implant Container Image"
+ },
+ {
+ "value": "Indicator Removal on Host"
+ },
+ {
+ "value": "Indirect Command Execution"
+ },
+ {
+ "value": "Ingress Tool Transfer"
+ },
+ {
+ "value": "Input Capture"
+ },
+ {
+ "value": "Inter-Process Communication"
+ },
+ {
+ "value": "Lateral Tool Transfer"
+ },
+ {
+ "value": "Man-in-the-Middle"
+ },
+ {
+ "value": "Masquerading"
+ },
+ {
+ "value": "Modify Authentication Process"
+ },
+ {
+ "value": "Modify Registry"
+ },
+ {
+ "value": "Network Denial of Service"
+ },
+ {
+ "value": "Network Service Scanning"
+ },
+ {
+ "value": "Network Sniffing"
+ },
+ {
+ "value": "Non-Application Layer Protocol"
+ },
+ {
+ "value": "Non-Standard Port"
+ },
+ {
+ "value": "Obfuscated Files or Information"
+ },
+ {
+ "value": "Obtain Capabilities"
+ },
+ {
+ "value": "Obuscated Files or Information"
+ },
+ {
+ "value": "Office Application Startup"
+ },
+ {
+ "value": "OS Credential Dumping"
+ },
+ {
+ "value": "Permission Groups Discovery"
+ },
+ {
+ "value": "Phishing"
+ },
+ {
+ "value": "Pre-OS Boot"
+ },
+ {
+ "value": "Process Discovery"
+ },
+ {
+ "value": "Process Injection"
+ },
+ {
+ "value": "Protocol Tunneling"
+ },
+ {
+ "value": "Proxy"
+ },
+ {
+ "value": "Query Registry"
+ },
+ {
+ "value": "Remote Access Software"
+ },
+ {
+ "value": "Remote Service Session Hijacking"
+ },
+ {
+ "value": "Remote Services"
+ },
+ {
+ "value": "Remote System Discovery"
+ },
+ {
+ "value": "Resource Hijacking"
+ },
+ {
+ "value": "Scheduled Task/Job"
+ },
+ {
+ "value": "Screen Capture"
+ },
+ {
+ "value": "Search Victim-Owned Websites"
+ },
+ {
+ "value": "Server Software Component"
+ },
+ {
+ "value": "Service Stop"
+ },
+ {
+ "value": "Signed Binary Proxy Execution"
+ },
+ {
+ "value": "Software Deployment Tools"
+ },
+ {
+ "value": "SQL Stored Procedures"
+ },
+ {
+ "value": "Steal or Forge Kerberos Tickets"
+ },
+ {
+ "value": "Subvert Trust Controls"
+ },
+ {
+ "value": "Supply Chain Compromise"
+ },
+ {
+ "value": "System Information Discovery"
+ },
+ {
+ "value": "Taint Shared Content"
+ },
+ {
+ "value": "Traffic Signaling"
+ },
+ {
+ "value": "Transfer Data to Cloud Account"
+ },
+ {
+ "value": "Trusted Relationship"
+ },
+ {
+ "value": "Unsecured Credentials"
+ },
+ {
+ "value": "User Execution"
+ },
+ {
+ "value": "Valid Accounts"
+ },
+ {
+ "value": "Windows Management Instrumentation"
+ },
+ {
+ "value": "File and Directory Permissions Modification"
+ }
+ ]
+ }
+ }
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "#/definitions/SecurityAssessmentMetadataProperties"
+ }
+ ]
+ }
+ },
+ "parameters": {
+ "AssessmentsMetadataName": {
+ "name": "assessmentMetadataName",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The Assessment Key - Unique key for the assessment type",
+ "x-ms-parameter-location": "method"
+ },
+ "SecurityAssessmentMetadataResponse": {
+ "name": "assessmentMetadata",
+ "in": "body",
+ "required": true,
+ "description": "AssessmentMetadata object",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentMetadataResponse"
+ },
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessments.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessments.json
new file mode 100644
index 000000000000..7fb23dbd17c5
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessments.json
@@ -0,0 +1,467 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "title": "Security Center",
+ "description": "API spec for Microsoft.Security (Azure Security Center) resource provider",
+ "version": "2021-06-01"
+ },
+ "host": "management.azure.com",
+ "schemes": [
+ "https"
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "security": [
+ {
+ "azure_auth": [
+ "user_impersonation"
+ ]
+ }
+ ],
+ "securityDefinitions": {
+ "azure_auth": {
+ "type": "oauth2",
+ "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+ "flow": "implicit",
+ "description": "Azure Active Directory OAuth2 Flow",
+ "scopes": {
+ "user_impersonation": "impersonate your user account"
+ }
+ }
+ },
+ "paths": {
+ "/{scope}/providers/Microsoft.Security/assessments": {
+ "get": {
+ "x-ms-examples": {
+ "List security assessments": {
+ "$ref": "./examples/Assessments/ListAssessments_example.json"
+ }
+ },
+ "tags": [
+ "Assessments"
+ ],
+ "description": "Get security assessments on all your scanned resources inside a scope",
+ "operationId": "Assessments_List",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/Scope"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentList"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ }
+ }
+ },
+ "/{resourceId}/providers/Microsoft.Security/assessments/{assessmentName}": {
+ "get": {
+ "x-ms-examples": {
+ "Get security recommendation task from security data location": {
+ "$ref": "./examples/Assessments/GetAssessment_example.json"
+ },
+ "Get security recommendation task from security data location with expand parameter": {
+ "$ref": "./examples/Assessments/GetAssessmentWithExpand_example.json"
+ }
+ },
+ "tags": [
+ "Assessments"
+ ],
+ "description": "Get a security assessment on your scanned resource",
+ "operationId": "Assessments_Get",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ResourceId"
+ },
+ {
+ "$ref": "#/parameters/AssessmentName"
+ },
+ {
+ "$ref": "#/parameters/ExpandAssessments"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentResponse"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "put": {
+ "x-ms-examples": {
+ "Create security recommendation task on a resource": {
+ "$ref": "./examples/Assessments/PutAssessment_example.json"
+ }
+ },
+ "tags": [
+ "Assessments"
+ ],
+ "description": "Create a security assessment on your resource. An assessment metadata that describes this assessment must be predefined with the same name before inserting the assessment result",
+ "operationId": "Assessments_CreateOrUpdate",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ResourceId"
+ },
+ {
+ "$ref": "#/parameters/AssessmentName"
+ },
+ {
+ "$ref": "#/parameters/AssessmentBody"
+ }
+ ],
+ "responses": {
+ "201": {
+ "description": "Created",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentResponse"
+ }
+ },
+ "200": {
+ "description": "OK - Updated",
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessmentResponse"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "delete": {
+ "x-ms-examples": {
+ "Delete a security recommendation task on a resource": {
+ "$ref": "./examples/Assessments/DeleteAssessment_example.json"
+ }
+ },
+ "tags": [
+ "Assessments"
+ ],
+ "description": "Delete a security assessment on your resource. An assessment metadata that describes this assessment must be predefined with the same name before inserting the assessment result",
+ "operationId": "Assessments_Delete",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ResourceId"
+ },
+ {
+ "$ref": "#/parameters/AssessmentName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Assessment was deleted"
+ },
+ "204": {
+ "description": "No Content - Assessment does not exist"
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ }
+ },
+ "definitions": {
+ "SecurityAssessmentList": {
+ "type": "object",
+ "description": "Page of a security assessments list",
+ "properties": {
+ "value": {
+ "description": "Collection of security assessments in this page",
+ "readOnly": true,
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/SecurityAssessmentResponse"
+ }
+ },
+ "nextLink": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The URI to fetch the next page."
+ }
+ }
+ },
+ "SecurityAssessment": {
+ "type": "object",
+ "description": "Security assessment on a resource",
+ "properties": {
+ "properties": {
+ "x-ms-client-flatten": true,
+ "$ref": "#/definitions/SecurityAssessmentProperties"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "../../../common/v1/types.json#/definitions/Resource"
+ }
+ ]
+ },
+ "SecurityAssessmentResponse": {
+ "type": "object",
+ "description": "Security assessment on a resource - response format",
+ "properties": {
+ "properties": {
+ "x-ms-client-flatten": true,
+ "$ref": "#/definitions/SecurityAssessmentPropertiesResponse"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "../../../common/v1/types.json#/definitions/Resource"
+ }
+ ]
+ },
+ "SecurityAssessmentProperties": {
+ "type": "object",
+ "description": "Describes properties of an assessment.",
+ "properties": {
+ "status": {
+ "$ref": "#/definitions/AssessmentStatus"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "#/definitions/SecurityAssessmentPropertiesBase"
+ }
+ ],
+ "required": [
+ "status"
+ ]
+ },
+ "SecurityAssessmentPropertiesResponse": {
+ "type": "object",
+ "description": "Describes properties of an assessment.",
+ "properties": {
+ "status": {
+ "$ref": "#/definitions/AssessmentStatusResponse"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "#/definitions/SecurityAssessmentPropertiesBase"
+ }
+ ],
+ "required": [
+ "status"
+ ]
+ },
+ "SecurityAssessmentPropertiesBase": {
+ "type": "object",
+ "description": "Describes properties of an assessment.",
+ "properties": {
+ "resourceDetails": {
+ "$ref": "../../../common/v1/types.json#/definitions/ResourceDetails"
+ },
+ "displayName": {
+ "readOnly": true,
+ "type": "string",
+ "description": "User friendly display name of the assessment"
+ },
+ "additionalData": {
+ "type": "object",
+ "description": "Additional data regarding the assessment",
+ "additionalProperties": {
+ "type": "string"
+ }
+ },
+ "links": {
+ "$ref": "#/definitions/AssessmentLinks"
+ },
+ "metadata": {
+ "$ref": "./assessmentMetadata.json#/definitions/SecurityAssessmentMetadataProperties"
+ },
+ "partnersData": {
+ "$ref": "#/definitions/SecurityAssessmentPartnerData"
+ }
+ },
+ "required": [
+ "resourceDetails"
+ ]
+ },
+ "SecurityAssessmentPartnerData": {
+ "type": "object",
+ "description": "Data regarding 3rd party partner integration",
+ "properties": {
+ "partnerName": {
+ "type": "string",
+ "description": "Name of the company of the partner"
+ },
+ "secret": {
+ "type": "string",
+ "description": "secret to authenticate the partner - write only",
+ "x-ms-secret": true
+ }
+ },
+ "required": [
+ "partnerName",
+ "secret"
+ ]
+ },
+ "AssessmentLinks": {
+ "type": "object",
+ "description": "Links relevant to the assessment",
+ "readOnly": true,
+ "properties": {
+ "azurePortalUri": {
+ "type": "string",
+ "description": "Link to assessment in Azure Portal",
+ "readOnly": true
+ }
+ }
+ },
+ "AssessmentStatusResponse": {
+ "type": "object",
+ "description": "The result of the assessment",
+ "properties": {
+ "firstEvaluationDate": {
+ "readOnly": true,
+ "type": "string",
+ "format": "date-time",
+ "description": "The time that the assessment was created and first evaluated. Returned as UTC time in ISO 8601 format"
+ },
+ "statusChangeDate": {
+ "readOnly": true,
+ "type": "string",
+ "format": "date-time",
+ "description": "The time that the status of the assessment last changed. Returned as UTC time in ISO 8601 format"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "#/definitions/AssessmentStatus"
+ }
+ ]
+ },
+ "AssessmentStatus": {
+ "type": "object",
+ "description": "The result of the assessment",
+ "properties": {
+ "code": {
+ "type": "string",
+ "description": "Programmatic code for the status of the assessment",
+ "enum": [
+ "Healthy",
+ "Unhealthy",
+ "NotApplicable"
+ ],
+ "x-ms-enum": {
+ "name": "AssessmentStatusCode",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Healthy",
+ "description": "The resource is healthy"
+ },
+ {
+ "value": "Unhealthy",
+ "description": "The resource has a security issue that needs to be addressed"
+ },
+ {
+ "value": "NotApplicable",
+ "description": "Assessment for this resource did not happen"
+ }
+ ]
+ }
+ },
+ "cause": {
+ "type": "string",
+ "description": "Programmatic code for the cause of the assessment status"
+ },
+ "description": {
+ "type": "string",
+ "description": "Human readable description of the assessment status"
+ }
+ },
+ "required": [
+ "code"
+ ]
+ }
+ },
+ "parameters": {
+ "ExpandAssessments": {
+ "name": "$expand",
+ "in": "query",
+ "required": false,
+ "type": "string",
+ "description": "OData expand. Optional.",
+ "x-ms-parameter-location": "method",
+ "enum": [
+ "links",
+ "metadata"
+ ],
+ "x-ms-enum": {
+ "name": "ExpandEnum",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "links",
+ "description": "All links associated with an assessment"
+ },
+ {
+ "value": "metadata",
+ "description": "Assessment metadata"
+ }
+ ]
+ }
+ },
+ "AssessmentName": {
+ "name": "assessmentName",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The Assessment Key - Unique key for the assessment type",
+ "x-ms-parameter-location": "method"
+ },
+ "AssessmentBody": {
+ "name": "assessment",
+ "in": "body",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/SecurityAssessment"
+ },
+ "description": "Calculated assessment on a pre-defined assessment metadata",
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/DeleteAssessment_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/DeleteAssessment_example.json
new file mode 100644
index 000000000000..5a4da6233241
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/DeleteAssessment_example.json
@@ -0,0 +1,11 @@
+{
+ "parameters": {
+ "api-version": "2021-06-01",
+ "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2",
+ "assessmentName": "8bb8be0a-6010-4789-812f-e4d661c4ed0e"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessmentWithExpand_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessmentWithExpand_example.json
new file mode 100644
index 000000000000..216a2c29dbc4
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessmentWithExpand_example.json
@@ -0,0 +1,37 @@
+{
+ "parameters": {
+ "api-version": "2021-06-01",
+ "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2",
+ "assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b",
+ "$expand": "links"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b",
+ "name": "21300918-b2e3-0346-785f-c77ff57d243b",
+ "type": "Microsoft.Security/assessments",
+ "properties": {
+ "resourceDetails": {
+ "source": "Azure",
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2"
+ },
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "status": {
+ "code": "NotApplicable",
+ "cause": "OffByPolicy",
+ "description": "The effective policy for the assessment was evaluated to off - use Microsoft.Authorization/policyAssignments to turn this assessment on",
+ "statusChangeDate": "2021-04-12T09:07:18.6759138Z",
+ "firstEvaluationDate": "2021-04-12T09:07:18.6759138Z"
+ },
+ "additionalData": {
+ "linkedWorkspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myLaWorkspace"
+ },
+ "links": {
+ "azurePortalUri": "https://www.portal.azure.com/?fea#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/21300918-b2e3-0346-785f-c77ff57d243b"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessment_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessment_example.json
new file mode 100644
index 000000000000..00cc1cd605ad
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessment_example.json
@@ -0,0 +1,33 @@
+{
+ "parameters": {
+ "api-version": "2021-06-01",
+ "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2",
+ "assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b",
+ "name": "21300918-b2e3-0346-785f-c77ff57d243b",
+ "type": "Microsoft.Security/assessments",
+ "properties": {
+ "resourceDetails": {
+ "source": "Azure",
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2"
+ },
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "status": {
+ "code": "NotApplicable",
+ "cause": "OffByPolicy",
+ "description": "The effective policy for the assessment was evaluated to off - use Microsoft.Authorization/policyAssignments to turn this assessment on",
+ "statusChangeDate": "2021-04-12T09:07:18.6759138Z",
+ "firstEvaluationDate": "2021-04-12T09:07:18.6759138Z"
+ },
+ "additionalData": {
+ "linkedWorkspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myLaWorkspace"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/ListAssessments_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/ListAssessments_example.json
new file mode 100644
index 000000000000..9fcb5d07a2f7
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/ListAssessments_example.json
@@ -0,0 +1,53 @@
+{
+ "parameters": {
+ "api-version": "2021-06-01",
+ "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b",
+ "name": "21300918-b2e3-0346-785f-c77ff57d243b",
+ "type": "Microsoft.Security/assessments",
+ "properties": {
+ "resourceDetails": {
+ "source": "Azure",
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1"
+ },
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "status": {
+ "code": "Healthy",
+ "statusChangeDate": "2021-04-12T09:07:18.6759138Z",
+ "firstEvaluationDate": "2021-04-12T09:07:18.6759138Z"
+ }
+ }
+ },
+ {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b",
+ "name": "21300918-b2e3-0346-785f-c77ff57d243b",
+ "type": "Microsoft.Security/assessments",
+ "properties": {
+ "resourceDetails": {
+ "source": "Azure",
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2"
+ },
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "status": {
+ "code": "NotApplicable",
+ "cause": "OffByPolicy",
+ "description": "The effective policy for the assessment was evaluated to off - use Microsoft.Authorization/policyAssignments to turn this assessment on",
+ "statusChangeDate": "2021-04-12T09:07:18.6759138Z",
+ "firstEvaluationDate": "2021-04-12T09:07:18.6759138Z"
+ },
+ "additionalData": {
+ "linkedWorkspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myLaWorkspace"
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/PutAssessment_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/PutAssessment_example.json
new file mode 100644
index 000000000000..36964844cd9c
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/PutAssessment_example.json
@@ -0,0 +1,53 @@
+{
+ "parameters": {
+ "api-version": "2021-06-01",
+ "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2",
+ "assessmentName": "8bb8be0a-6010-4789-812f-e4d661c4ed0e",
+ "assessment": {
+ "properties": {
+ "resourceDetails": {
+ "source": "Azure"
+ },
+ "status": {
+ "code": "Healthy"
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/8bb8be0a-6010-4789-812f-e4d661c4ed0e",
+ "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e",
+ "type": "Microsoft.Security/assessments",
+ "properties": {
+ "resourceDetails": {
+ "source": "Azure",
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/8bb8be0a-6010-4789-812f-e4d661c4ed0e"
+ },
+ "displayName": "Install internal agent on VM",
+ "status": {
+ "code": "Healthy"
+ }
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/8bb8be0a-6010-4789-812f-e4d661c4ed0e",
+ "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e",
+ "type": "Microsoft.Security/assessments",
+ "properties": {
+ "resourceDetails": {
+ "source": "Azure",
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/8bb8be0a-6010-4789-812f-e4d661c4ed0e"
+ },
+ "displayName": "Install internal agent on VM",
+ "status": {
+ "code": "Healthy"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json
new file mode 100644
index 000000000000..f2f8d67693b6
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json
@@ -0,0 +1,52 @@
+{
+ "parameters": {
+ "api-version": "2021-06-01",
+ "subscriptionId": "0980887d-03d6-408c-9566-532f3456804e",
+ "assessmentMetadataName": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
+ "assessmentMetadata": {
+ "properties": {
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
+ "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
+ "categories": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "assessmentType": "CustomerManaged"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7",
+ "name": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "My organization security assessment",
+ "description": "Assessment that my organization created to view our security assessment in Azure Security Center",
+ "remediationDescription": "Fix it with these remediation instructions",
+ "categories": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "assessmentType": "CustomerManaged"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json
new file mode 100644
index 000000000000..592c45b8848b
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json
@@ -0,0 +1,10 @@
+{
+ "parameters": {
+ "api-version": "2021-06-01",
+ "subscriptionId": "0980887d-03d6-408c-9566-532f3456804e",
+ "assessmentMetadataName": "ca039e75-a276-4175-aebc-bcd41e4b14b7"
+ },
+ "responses": {
+ "200": {}
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json
new file mode 100644
index 000000000000..1d3b5a8c2ae8
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json
@@ -0,0 +1,53 @@
+{
+ "parameters": {
+ "api-version": "2021-06-01",
+ "assessmentMetadataName": "21300918-b2e3-0346-785f-c77ff57d243b"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
+ "name": "21300918-b2e3-0346-785f-c77ff57d243b",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
+ "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
+ "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
+ "categories": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "publishDates": {
+ "GA": "06/01/2021",
+ "public": "06/01/2021"
+ },
+ "plannedDeprecationDate": "03/2022",
+ "tactics": [
+ "Credential Access",
+ "Persistence",
+ "Execution",
+ "Defense Evasion",
+ "Collection",
+ "Discovery",
+ "Privilege Escalation"
+ ],
+ "techniques": [
+ "Obuscated Files or Information",
+ "Ingress Tool Transfer",
+ "Phishing",
+ "User Execution"
+ ],
+ "assessmentType": "BuiltIn"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json
new file mode 100644
index 000000000000..eccba4cfa404
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json
@@ -0,0 +1,54 @@
+{
+ "parameters": {
+ "api-version": "2021-06-01",
+ "subscriptionId": "0980887d-03d6-408c-9566-532f3456804e",
+ "assessmentMetadataName": "21300918-b2e3-0346-785f-c77ff57d243b"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
+ "name": "21300918-b2e3-0346-785f-c77ff57d243b",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
+ "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
+ "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
+ "categories": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "publishDates": {
+ "GA": "06/01/2021",
+ "public": "06/01/2021"
+ },
+ "plannedDeprecationDate": "03/2022",
+ "tactics": [
+ "Credential Access",
+ "Persistence",
+ "Execution",
+ "Defense Evasion",
+ "Collection",
+ "Discovery",
+ "Privilege Escalation"
+ ],
+ "techniques": [
+ "Obuscated Files or Information",
+ "Ingress Tool Transfer",
+ "Phishing",
+ "User Execution"
+ ],
+ "assessmentType": "BuiltIn"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json
new file mode 100644
index 000000000000..9dd72f1eddb5
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json
@@ -0,0 +1,106 @@
+{
+ "parameters": {
+ "api-version": "2021-06-01"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
+ "name": "21300918-b2e3-0346-785f-c77ff57d243b",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
+ "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
+ "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
+ "categories": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "publishDates": {
+ "GA": "06/01/2021",
+ "public": "06/01/2021"
+ },
+ "plannedDeprecationDate": "03/2022",
+ "tactics": [
+ "Credential Access",
+ "Persistence",
+ "Execution",
+ "Defense Evasion",
+ "Collection",
+ "Discovery",
+ "Privilege Escalation"
+ ],
+ "techniques": [
+ "Obuscated Files or Information",
+ "Ingress Tool Transfer",
+ "Phishing",
+ "User Execution"
+ ],
+ "assessmentType": "BuiltIn"
+ }
+ },
+ {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
+ "name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "Close management ports on your virtual machines",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
+ "description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.",
+ "remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.
To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
+ "categories": [
+ "Networking"
+ ],
+ "severity": "Medium",
+ "userImpact": "High",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "publishDates": {
+ "GA": "06/01/2021",
+ "public": "06/01/2021"
+ },
+ "preview": true,
+ "assessmentType": "CustomPolicy"
+ }
+ },
+ {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7",
+ "name": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "My organization security assessment",
+ "description": "Assessment that my organization created to view our security assessment in Azure Security Center",
+ "remediationDescription": "Fix it with these remediation instructions",
+ "categories": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [],
+ "publishDates": {
+ "GA": "06/01/2021",
+ "public": "06/01/2021"
+ },
+ "assessmentType": "CustomerManaged"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json
new file mode 100644
index 000000000000..652a8c6eca31
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json
@@ -0,0 +1,85 @@
+{
+ "parameters": {
+ "api-version": "2021-06-01",
+ "subscriptionId": "0980887d-03d6-408c-9566-532f3456804e"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
+ "name": "21300918-b2e3-0346-785f-c77ff57d243b",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "Install endpoint protection solution on virtual machine scale sets",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
+ "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
+ "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
+ "categories": [
+ "Compute"
+ ],
+ "severity": "Medium",
+ "userImpact": "Low",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "publishDates": {
+ "GA": "06/01/2021",
+ "public": "06/01/2021"
+ },
+ "plannedDeprecationDate": "03/2022",
+ "tactics": [
+ "Credential Access",
+ "Persistence",
+ "Execution",
+ "Defense Evasion",
+ "Collection",
+ "Discovery",
+ "Privilege Escalation"
+ ],
+ "techniques": [
+ "Obuscated Files or Information",
+ "Ingress Tool Transfer",
+ "Phishing",
+ "User Execution"
+ ],
+ "assessmentType": "BuiltIn"
+ }
+ },
+ {
+ "id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
+ "name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
+ "type": "Microsoft.Security/assessmentMetadata",
+ "properties": {
+ "displayName": "Close management ports on your virtual machines",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
+ "description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.",
+ "remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.
To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
+ "categories": [
+ "Networking"
+ ],
+ "severity": "Medium",
+ "userImpact": "High",
+ "implementationEffort": "Low",
+ "threats": [
+ "dataExfiltration",
+ "dataSpillage",
+ "maliciousInsider"
+ ],
+ "publishDates": {
+ "GA": "06/01/2021",
+ "public": "06/01/2021"
+ },
+ "preview": true,
+ "assessmentType": "CustomPolicy"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md
index d4b674a1eb50..af7c25d76a62 100644
--- a/specification/security/resource-manager/readme.md
+++ b/specification/security/resource-manager/readme.md
@@ -175,8 +175,8 @@ input-file:
- Microsoft.Security/preview/2019-01-01-preview/automations.json
- Microsoft.Security/preview/2019-01-01-preview/alertsSuppressionRules.json
- Microsoft.Security/stable/2020-01-01/serverVulnerabilityAssessments.json
-- Microsoft.Security/stable/2020-01-01/assessmentMetadata.json
-- Microsoft.Security/stable/2020-01-01/assessments.json
+- Microsoft.Security/stable/2021-06-01/assessmentMetadata.json
+- Microsoft.Security/stable/2021-06-01/assessments.json
- Microsoft.Security/stable/2020-01-01/applicationWhitelistings.json
- Microsoft.Security/stable/2020-01-01/adaptiveNetworkHardenings.json
- Microsoft.Security/stable/2020-01-01/allowedConnections.json
@@ -421,6 +421,8 @@ These settings apply only when `--tag=package-2021-06-only` is specified on the
``` yaml $(tag) == 'package-2021-06-only'
input-file:
- Microsoft.Security/stable/2021-06-01/settings.json
+- Microsoft.Security/stable/2021-06-01/assessmentMetadata.json
+- Microsoft.Security/stable/2021-06-01/assessments.json
# Needed when there is more than one input file
override-info: