From 7bc74652d556494b66a1576962a882c1efc3610f Mon Sep 17 00:00:00 2001 From: "MIDDLEEAST\\morbrisker" Date: Tue, 27 Jul 2021 16:10:16 +0300 Subject: [PATCH 01/11] Add2021-06-01AsessmentsAPIVersion --- .../stable/2021-06-01/assessmentMetadata.json | 678 ++++++++++++++++++ .../stable/2021-06-01/assessments.json | 467 ++++++++++++ .../Assessments/DeleteAssessment_example.json | 11 + .../GetAssessmentWithExpand_example.json | 37 + .../Assessments/GetAssessment_example.json | 33 + .../Assessments/ListAssessments_example.json | 53 ++ .../Assessments/PutAssessment_example.json | 53 ++ ...essmentsMetadata_subscription_example.json | 52 ++ ...essmentsMetadata_subscription_example.json | 10 + .../GetAssessmentsMetadata_example.json | 47 ++ ...essmentsMetadata_subscription_example.json | 48 ++ .../ListAssessmentsMetadata_example.json | 100 +++ ...essmentsMetadata_subscription_example.json | 79 ++ 13 files changed, 1668 insertions(+) create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessments.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/DeleteAssessment_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessmentWithExpand_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessment_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/ListAssessments_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/PutAssessment_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json new file mode 100644 index 000000000000..bf544d0b5101 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json @@ -0,0 +1,678 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", + "version": "2021-06-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/providers/Microsoft.Security/assessmentMetadata": { + "get": { + "x-ms-examples": { + "List security assessment metadata": { + "$ref": "./examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json" + } + }, + "tags": [ + "Assessments Metadata" + ], + "description": "Get metadata information on all assessment types", + "operationId": "AssessmentsMetadata_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityAssessmentMetadataResponseList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}": { + "get": { + "x-ms-examples": { + "Get security assessment metadata": { + "$ref": "./examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json" + } + }, + "tags": [ + "Assessments Metadata" + ], + "description": "Get metadata information on an assessment type", + "operationId": "AssessmentsMetadata_Get", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/AssessmentsMetadataName" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityAssessmentMetadataResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata": { + "get": { + "x-ms-examples": { + "List security assessment metadata for subscription": { + "$ref": "./examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json" + } + }, + "tags": [ + "Assessments Metadata" + ], + "description": "Get metadata information on all assessment types in a specific subscription", + "operationId": "AssessmentsMetadata_ListBySubscription", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityAssessmentMetadataResponseList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}": { + "get": { + "x-ms-examples": { + "Get security assessment metadata for subscription": { + "$ref": "./examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json" + } + }, + "tags": [ + "Assessments Metadata" + ], + "description": "Get metadata information on an assessment type in a specific subscription", + "operationId": "AssessmentsMetadata_GetInSubscription", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/AssessmentsMetadataName" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityAssessmentMetadataResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create security assessment metadata for subscription": { + "$ref": "./examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json" + } + }, + "tags": [ + "Assessments Metadata" + ], + "description": "Create metadata information on an assessment type in a specific subscription", + "operationId": "AssessmentsMetadata_CreateInSubscription", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/AssessmentsMetadataName" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + }, + { + "$ref": "#/parameters/SecurityAssessmentMetadata" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityAssessmentMetadataResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a security assessment metadata for subscription": { + "$ref": "./examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json" + } + }, + "tags": [ + "Assessments Metadata" + ], + "description": "Delete metadata information on an assessment type in a specific subscription, will cause the deletion of all the assessments of that type in that subscription", + "operationId": "AssessmentsMetadata_DeleteInSubscription", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "#/parameters/AssessmentsMetadataName" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "SecurityAssessmentMetadataResponseList": { + "type": "object", + "description": "List of security assessment metadata", + "properties": { + "value": { + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/SecurityAssessmentMetadataResponse" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "SecurityAssessmentMetadata": { + "type": "object", + "description": "Security assessment metadata", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/SecurityAssessmentMetadataProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ] + }, + "SecurityAssessmentMetadataResponse": { + "type": "object", + "description": "Security assessment metadata response", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/SecurityAssessmentMetadataPropertiesResponse" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ] + }, + "SecurityAssessmentMetadataProperties": { + "type": "object", + "description": "Describes properties of an assessment metadata.", + "properties": { + "displayName": { + "type": "string", + "description": "User friendly display name of the assessment" + }, + "policyDefinitionId": { + "readOnly": true, + "type": "string", + "description": "Azure resource ID of the policy definition that turns this assessment calculation on" + }, + "description": { + "type": "string", + "description": "Human readable description of the assessment" + }, + "remediationDescription": { + "type": "string", + "description": "Human readable description of what you should do to mitigate this security issue" + }, + "categories": { + "type": "array", + "items": { + "type": "string", + "description": "The categories of resource that is at risk when the assessment is unhealthy", + "enum": [ + "Compute", + "Networking", + "Data", + "IdentityAndAccess", + "IoT" + ], + "x-ms-enum": { + "name": "categories", + "modelAsString": true, + "values": [ + { + "value": "Compute" + }, + { + "value": "Networking" + }, + { + "value": "Data" + }, + { + "value": "IdentityAndAccess" + }, + { + "value": "IoT" + } + ] + } + } + }, + "severity": { + "type": "string", + "description": "The severity level of the assessment", + "enum": [ + "Low", + "Medium", + "High" + ], + "x-ms-enum": { + "name": "severity", + "modelAsString": true, + "values": [ + { + "value": "Low" + }, + { + "value": "Medium" + }, + { + "value": "High" + } + ] + } + }, + "userImpact": { + "type": "string", + "description": "The user impact of the assessment", + "enum": [ + "Low", + "Moderate", + "High" + ], + "x-ms-enum": { + "name": "userImpact", + "modelAsString": true, + "values": [ + { + "value": "Low" + }, + { + "value": "Moderate" + }, + { + "value": "High" + } + ] + } + }, + "implementationEffort": { + "type": "string", + "description": "The implementation effort required to remediate this assessment", + "enum": [ + "Low", + "Moderate", + "High" + ], + "x-ms-enum": { + "name": "implementationEffort", + "modelAsString": true, + "values": [ + { + "value": "Low" + }, + { + "value": "Moderate" + }, + { + "value": "High" + } + ] + } + }, + "threats": { + "type": "array", + "items": { + "type": "string", + "description": "Threats impact of the assessment", + "enum": [ + "accountBreach", + "dataExfiltration", + "dataSpillage", + "maliciousInsider", + "elevationOfPrivilege", + "threatResistance", + "missingCoverage", + "denialOfService" + ], + "x-ms-enum": { + "name": "threats", + "modelAsString": true, + "values": [ + { + "value": "accountBreach" + }, + { + "value": "dataExfiltration" + }, + { + "value": "dataSpillage" + }, + { + "value": "maliciousInsider" + }, + { + "value": "elevationOfPrivilege" + }, + { + "value": "threatResistance" + }, + { + "value": "missingCoverage" + }, + { + "value": "denialOfService" + } + ] + } + } + }, + "preview": { + "type": "boolean", + "description": "True if this assessment is in preview release status" + }, + "assessmentType": { + "type": "string", + "description": "BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition", + "enum": [ + "BuiltIn", + "CustomPolicy", + "CustomerManaged", + "VerifiedPartner" + ], + "x-ms-enum": { + "name": "assessmentType", + "modelAsString": true, + "values": [ + { + "value": "BuiltIn", + "description": "Azure Security Center managed assessments" + }, + { + "value": "CustomPolicy", + "description": "User defined policies that are automatically ingested from Azure Policy to Azure Security Center" + }, + { + "value": "CustomerManaged", + "description": "User assessments pushed directly by the user or other third party to Azure Security Center" + }, + { + "value": "VerifiedPartner", + "description": "An assessment that was created by a verified 3rd party if the user connected it to ASC" + } + ] + } + }, + "partnerData": { + "$ref": "#/definitions/SecurityAssessmentMetadataPartnerData" + } + }, + "required": [ + "displayName", + "severity", + "assessmentType" + ] + }, + "SecurityAssessmentMetadataPartnerData": { + "type": "object", + "description": "Describes the partner that created the assessment", + "properties": { + "partnerName": { + "type": "string", + "description": "Name of the company of the partner" + }, + "productName": { + "type": "string", + "description": "Name of the product of the partner that created the assessment" + }, + "secret": { + "type": "string", + "description": "Secret to authenticate the partner and verify it created the assessment - write only", + "x-ms-secret": true + } + }, + "required": [ + "partnerName", + "secret" + ] + }, + "SecurityAssessmentMetadataPropertiesResponse": { + "type": "object", + "description": "Describes properties of an assessment metadata response.", + "properties": { + "publishDates": { + "type": "object", + "properties": { + "GA": { + "type": "string", + "pattern": "^([0-9]{2}/){2}[0-9]{4}$" + }, + "public": { + "type": "string", + "pattern": "^([0-9]{2}/){2}[0-9]{4}$" + } + }, + "required": [ + "public" + ] + }, + "plannedDeprecationDate": { + "type": "string", + "pattern": "^[0-9]{2}/[0-9]{4}$" + }, + "tactics": { + "type": "array", + "items": { + "type": "string", + "description": "Tactic of the assessment", + "enum": [ + "reconnaissance", + "resourceDevelopment", + "initialAccess", + "execution", + "persistence", + "privilegeEscalation", + "defenseEvasion", + "credentialAccess", + "discovery", + "lateralMovement", + "collection", + "commandAndControl", + "exfiltration", + "impact" + ], + "x-ms-enum": { + "name": "tactics", + "modelAsString": true, + "values": [ + { + "value": "reconnaissance" + }, + { + "value": "resourceDevelopment" + }, + { + "value": "initialAccess" + }, + { + "value": "execution" + }, + { + "value": "persistence" + }, + { + "value": "privilegeEscalation" + }, + { + "value": "defenseEvasion" + }, + { + "value": "credentialAccess" + }, + { + "value": "discovery" + }, + { + "value": "lateralMovement" + }, + { + "value": "collection" + }, + { + "value": "commandAndControl" + }, + { + "value": "exfiltration" + }, + { + "value": "impact" + } + ] + } + } + } + }, + "allOf": [ + { + "$ref": "#/definitions/SecurityAssessmentMetadataProperties" + } + ] + } + }, + "parameters": { + "AssessmentsMetadataName": { + "name": "assessmentMetadataName", + "in": "path", + "required": true, + "type": "string", + "description": "The Assessment Key - Unique key for the assessment type", + "x-ms-parameter-location": "method" + }, + "SecurityAssessmentMetadata": { + "name": "assessmentMetadata", + "in": "body", + "required": true, + "description": "AssessmentMetadata object", + "schema": { + "$ref": "#/definitions/SecurityAssessmentMetadata" + }, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessments.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessments.json new file mode 100644 index 000000000000..7fb23dbd17c5 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessments.json @@ -0,0 +1,467 @@ +{ + "swagger": "2.0", + "info": { + "title": "Security Center", + "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", + "version": "2021-06-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Security/assessments": { + "get": { + "x-ms-examples": { + "List security assessments": { + "$ref": "./examples/Assessments/ListAssessments_example.json" + } + }, + "tags": [ + "Assessments" + ], + "description": "Get security assessments on all your scanned resources inside a scope", + "operationId": "Assessments_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/Scope" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityAssessmentList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/{resourceId}/providers/Microsoft.Security/assessments/{assessmentName}": { + "get": { + "x-ms-examples": { + "Get security recommendation task from security data location": { + "$ref": "./examples/Assessments/GetAssessment_example.json" + }, + "Get security recommendation task from security data location with expand parameter": { + "$ref": "./examples/Assessments/GetAssessmentWithExpand_example.json" + } + }, + "tags": [ + "Assessments" + ], + "description": "Get a security assessment on your scanned resource", + "operationId": "Assessments_Get", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + }, + { + "$ref": "#/parameters/AssessmentName" + }, + { + "$ref": "#/parameters/ExpandAssessments" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/SecurityAssessmentResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create security recommendation task on a resource": { + "$ref": "./examples/Assessments/PutAssessment_example.json" + } + }, + "tags": [ + "Assessments" + ], + "description": "Create a security assessment on your resource. An assessment metadata that describes this assessment must be predefined with the same name before inserting the assessment result", + "operationId": "Assessments_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + }, + { + "$ref": "#/parameters/AssessmentName" + }, + { + "$ref": "#/parameters/AssessmentBody" + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/SecurityAssessmentResponse" + } + }, + "200": { + "description": "OK - Updated", + "schema": { + "$ref": "#/definitions/SecurityAssessmentResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete a security recommendation task on a resource": { + "$ref": "./examples/Assessments/DeleteAssessment_example.json" + } + }, + "tags": [ + "Assessments" + ], + "description": "Delete a security assessment on your resource. An assessment metadata that describes this assessment must be predefined with the same name before inserting the assessment result", + "operationId": "Assessments_Delete", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ResourceId" + }, + { + "$ref": "#/parameters/AssessmentName" + } + ], + "responses": { + "200": { + "description": "OK - Assessment was deleted" + }, + "204": { + "description": "No Content - Assessment does not exist" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "SecurityAssessmentList": { + "type": "object", + "description": "Page of a security assessments list", + "properties": { + "value": { + "description": "Collection of security assessments in this page", + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/SecurityAssessmentResponse" + } + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URI to fetch the next page." + } + } + }, + "SecurityAssessment": { + "type": "object", + "description": "Security assessment on a resource", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/SecurityAssessmentProperties" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ] + }, + "SecurityAssessmentResponse": { + "type": "object", + "description": "Security assessment on a resource - response format", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/SecurityAssessmentPropertiesResponse" + } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ] + }, + "SecurityAssessmentProperties": { + "type": "object", + "description": "Describes properties of an assessment.", + "properties": { + "status": { + "$ref": "#/definitions/AssessmentStatus" + } + }, + "allOf": [ + { + "$ref": "#/definitions/SecurityAssessmentPropertiesBase" + } + ], + "required": [ + "status" + ] + }, + "SecurityAssessmentPropertiesResponse": { + "type": "object", + "description": "Describes properties of an assessment.", + "properties": { + "status": { + "$ref": "#/definitions/AssessmentStatusResponse" + } + }, + "allOf": [ + { + "$ref": "#/definitions/SecurityAssessmentPropertiesBase" + } + ], + "required": [ + "status" + ] + }, + "SecurityAssessmentPropertiesBase": { + "type": "object", + "description": "Describes properties of an assessment.", + "properties": { + "resourceDetails": { + "$ref": "../../../common/v1/types.json#/definitions/ResourceDetails" + }, + "displayName": { + "readOnly": true, + "type": "string", + "description": "User friendly display name of the assessment" + }, + "additionalData": { + "type": "object", + "description": "Additional data regarding the assessment", + "additionalProperties": { + "type": "string" + } + }, + "links": { + "$ref": "#/definitions/AssessmentLinks" + }, + "metadata": { + "$ref": "./assessmentMetadata.json#/definitions/SecurityAssessmentMetadataProperties" + }, + "partnersData": { + "$ref": "#/definitions/SecurityAssessmentPartnerData" + } + }, + "required": [ + "resourceDetails" + ] + }, + "SecurityAssessmentPartnerData": { + "type": "object", + "description": "Data regarding 3rd party partner integration", + "properties": { + "partnerName": { + "type": "string", + "description": "Name of the company of the partner" + }, + "secret": { + "type": "string", + "description": "secret to authenticate the partner - write only", + "x-ms-secret": true + } + }, + "required": [ + "partnerName", + "secret" + ] + }, + "AssessmentLinks": { + "type": "object", + "description": "Links relevant to the assessment", + "readOnly": true, + "properties": { + "azurePortalUri": { + "type": "string", + "description": "Link to assessment in Azure Portal", + "readOnly": true + } + } + }, + "AssessmentStatusResponse": { + "type": "object", + "description": "The result of the assessment", + "properties": { + "firstEvaluationDate": { + "readOnly": true, + "type": "string", + "format": "date-time", + "description": "The time that the assessment was created and first evaluated. Returned as UTC time in ISO 8601 format" + }, + "statusChangeDate": { + "readOnly": true, + "type": "string", + "format": "date-time", + "description": "The time that the status of the assessment last changed. Returned as UTC time in ISO 8601 format" + } + }, + "allOf": [ + { + "$ref": "#/definitions/AssessmentStatus" + } + ] + }, + "AssessmentStatus": { + "type": "object", + "description": "The result of the assessment", + "properties": { + "code": { + "type": "string", + "description": "Programmatic code for the status of the assessment", + "enum": [ + "Healthy", + "Unhealthy", + "NotApplicable" + ], + "x-ms-enum": { + "name": "AssessmentStatusCode", + "modelAsString": true, + "values": [ + { + "value": "Healthy", + "description": "The resource is healthy" + }, + { + "value": "Unhealthy", + "description": "The resource has a security issue that needs to be addressed" + }, + { + "value": "NotApplicable", + "description": "Assessment for this resource did not happen" + } + ] + } + }, + "cause": { + "type": "string", + "description": "Programmatic code for the cause of the assessment status" + }, + "description": { + "type": "string", + "description": "Human readable description of the assessment status" + } + }, + "required": [ + "code" + ] + } + }, + "parameters": { + "ExpandAssessments": { + "name": "$expand", + "in": "query", + "required": false, + "type": "string", + "description": "OData expand. Optional.", + "x-ms-parameter-location": "method", + "enum": [ + "links", + "metadata" + ], + "x-ms-enum": { + "name": "ExpandEnum", + "modelAsString": true, + "values": [ + { + "value": "links", + "description": "All links associated with an assessment" + }, + { + "value": "metadata", + "description": "Assessment metadata" + } + ] + } + }, + "AssessmentName": { + "name": "assessmentName", + "in": "path", + "required": true, + "type": "string", + "description": "The Assessment Key - Unique key for the assessment type", + "x-ms-parameter-location": "method" + }, + "AssessmentBody": { + "name": "assessment", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/SecurityAssessment" + }, + "description": "Calculated assessment on a pre-defined assessment metadata", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/DeleteAssessment_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/DeleteAssessment_example.json new file mode 100644 index 000000000000..5a4da6233241 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/DeleteAssessment_example.json @@ -0,0 +1,11 @@ +{ + "parameters": { + "api-version": "2021-06-01", + "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2", + "assessmentName": "8bb8be0a-6010-4789-812f-e4d661c4ed0e" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessmentWithExpand_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessmentWithExpand_example.json new file mode 100644 index 000000000000..216a2c29dbc4 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessmentWithExpand_example.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "api-version": "2021-06-01", + "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2", + "assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b", + "$expand": "links" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b", + "name": "21300918-b2e3-0346-785f-c77ff57d243b", + "type": "Microsoft.Security/assessments", + "properties": { + "resourceDetails": { + "source": "Azure", + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2" + }, + "displayName": "Install endpoint protection solution on virtual machine scale sets", + "status": { + "code": "NotApplicable", + "cause": "OffByPolicy", + "description": "The effective policy for the assessment was evaluated to off - use Microsoft.Authorization/policyAssignments to turn this assessment on", + "statusChangeDate": "2021-04-12T09:07:18.6759138Z", + "firstEvaluationDate": "2021-04-12T09:07:18.6759138Z" + }, + "additionalData": { + "linkedWorkspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myLaWorkspace" + }, + "links": { + "azurePortalUri": "https://www.portal.azure.com/?fea#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/21300918-b2e3-0346-785f-c77ff57d243b" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessment_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessment_example.json new file mode 100644 index 000000000000..00cc1cd605ad --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/GetAssessment_example.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "api-version": "2021-06-01", + "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2", + "assessmentName": "21300918-b2e3-0346-785f-c77ff57d243b" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b", + "name": "21300918-b2e3-0346-785f-c77ff57d243b", + "type": "Microsoft.Security/assessments", + "properties": { + "resourceDetails": { + "source": "Azure", + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2" + }, + "displayName": "Install endpoint protection solution on virtual machine scale sets", + "status": { + "code": "NotApplicable", + "cause": "OffByPolicy", + "description": "The effective policy for the assessment was evaluated to off - use Microsoft.Authorization/policyAssignments to turn this assessment on", + "statusChangeDate": "2021-04-12T09:07:18.6759138Z", + "firstEvaluationDate": "2021-04-12T09:07:18.6759138Z" + }, + "additionalData": { + "linkedWorkspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myLaWorkspace" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/ListAssessments_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/ListAssessments_example.json new file mode 100644 index 000000000000..9fcb5d07a2f7 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/ListAssessments_example.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2021-06-01", + "scope": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b", + "name": "21300918-b2e3-0346-785f-c77ff57d243b", + "type": "Microsoft.Security/assessments", + "properties": { + "resourceDetails": { + "source": "Azure", + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1" + }, + "displayName": "Install endpoint protection solution on virtual machine scale sets", + "status": { + "code": "Healthy", + "statusChangeDate": "2021-04-12T09:07:18.6759138Z", + "firstEvaluationDate": "2021-04-12T09:07:18.6759138Z" + } + } + }, + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2/providers/Microsoft.Security/assessments/21300918-b2e3-0346-785f-c77ff57d243b", + "name": "21300918-b2e3-0346-785f-c77ff57d243b", + "type": "Microsoft.Security/assessments", + "properties": { + "resourceDetails": { + "source": "Azure", + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2" + }, + "displayName": "Install endpoint protection solution on virtual machine scale sets", + "status": { + "code": "NotApplicable", + "cause": "OffByPolicy", + "description": "The effective policy for the assessment was evaluated to off - use Microsoft.Authorization/policyAssignments to turn this assessment on", + "statusChangeDate": "2021-04-12T09:07:18.6759138Z", + "firstEvaluationDate": "2021-04-12T09:07:18.6759138Z" + }, + "additionalData": { + "linkedWorkspaceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myLaWorkspace" + } + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/PutAssessment_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/PutAssessment_example.json new file mode 100644 index 000000000000..36964844cd9c --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/Assessments/PutAssessment_example.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "api-version": "2021-06-01", + "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss2", + "assessmentName": "8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "assessment": { + "properties": { + "resourceDetails": { + "source": "Azure" + }, + "status": { + "code": "Healthy" + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "type": "Microsoft.Security/assessments", + "properties": { + "resourceDetails": { + "source": "Azure", + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/8bb8be0a-6010-4789-812f-e4d661c4ed0e" + }, + "displayName": "Install internal agent on VM", + "status": { + "code": "Healthy" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "name": "8bb8be0a-6010-4789-812f-e4d661c4ed0e", + "type": "Microsoft.Security/assessments", + "properties": { + "resourceDetails": { + "source": "Azure", + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachineScaleSets/vmss1/providers/Microsoft.Security/assessments/8bb8be0a-6010-4789-812f-e4d661c4ed0e" + }, + "displayName": "Install internal agent on VM", + "status": { + "code": "Healthy" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json new file mode 100644 index 000000000000..f2f8d67693b6 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/CreateAssessmentsMetadata_subscription_example.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2021-06-01", + "subscriptionId": "0980887d-03d6-408c-9566-532f3456804e", + "assessmentMetadataName": "ca039e75-a276-4175-aebc-bcd41e4b14b7", + "assessmentMetadata": { + "properties": { + "displayName": "Install endpoint protection solution on virtual machine scale sets", + "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.", + "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set", + "categories": [ + "Compute" + ], + "severity": "Medium", + "userImpact": "Low", + "implementationEffort": "Low", + "threats": [ + "dataExfiltration", + "dataSpillage", + "maliciousInsider" + ], + "assessmentType": "CustomerManaged" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7", + "name": "ca039e75-a276-4175-aebc-bcd41e4b14b7", + "type": "Microsoft.Security/assessmentMetadata", + "properties": { + "displayName": "My organization security assessment", + "description": "Assessment that my organization created to view our security assessment in Azure Security Center", + "remediationDescription": "Fix it with these remediation instructions", + "categories": [ + "Compute" + ], + "severity": "Medium", + "userImpact": "Low", + "implementationEffort": "Low", + "threats": [ + "dataExfiltration", + "dataSpillage", + "maliciousInsider" + ], + "assessmentType": "CustomerManaged" + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json new file mode 100644 index 000000000000..592c45b8848b --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/DeleteAssessmentsMetadata_subscription_example.json @@ -0,0 +1,10 @@ +{ + "parameters": { + "api-version": "2021-06-01", + "subscriptionId": "0980887d-03d6-408c-9566-532f3456804e", + "assessmentMetadataName": "ca039e75-a276-4175-aebc-bcd41e4b14b7" + }, + "responses": { + "200": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json new file mode 100644 index 000000000000..a990d3c0714a --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2021-06-01", + "assessmentMetadataName": "21300918-b2e3-0346-785f-c77ff57d243b" + }, + "responses": { + "200": { + "body": { + "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b", + "name": "21300918-b2e3-0346-785f-c77ff57d243b", + "type": "Microsoft.Security/assessmentMetadata", + "properties": { + "displayName": "Install endpoint protection solution on virtual machine scale sets", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", + "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.", + "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set", + "categories": [ + "Compute" + ], + "severity": "Medium", + "userImpact": "Low", + "implementationEffort": "Low", + "threats": [ + "dataExfiltration", + "dataSpillage", + "maliciousInsider" + ], + "publishDates": { + "GA": "06/01/2021", + "public": "06/01/2021" + }, + "plannedDeprecationDate": "03/2022", + "tactics": [ + "credentialAccess", + "persistence", + "execution", + "defenseEvasion", + "collection", + "discovery", + "privilegeEscalation" + ], + "assessmentType": "BuiltIn" + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json new file mode 100644 index 000000000000..1e38e364a9e3 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "api-version": "2021-06-01", + "subscriptionId": "0980887d-03d6-408c-9566-532f3456804e", + "assessmentMetadataName": "21300918-b2e3-0346-785f-c77ff57d243b" + }, + "responses": { + "200": { + "body": { + "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b", + "name": "21300918-b2e3-0346-785f-c77ff57d243b", + "type": "Microsoft.Security/assessmentMetadata", + "properties": { + "displayName": "Install endpoint protection solution on virtual machine scale sets", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", + "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.", + "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set", + "categories": [ + "Compute" + ], + "severity": "Medium", + "userImpact": "Low", + "implementationEffort": "Low", + "threats": [ + "dataExfiltration", + "dataSpillage", + "maliciousInsider" + ], + "publishDates": { + "GA": "06/01/2021", + "public": "06/01/2021" + }, + "plannedDeprecationDate": "03/2022", + "tactics": [ + "credentialAccess", + "persistence", + "execution", + "defenseEvasion", + "collection", + "discovery", + "privilegeEscalation" + ], + "assessmentType": "BuiltIn" + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json new file mode 100644 index 000000000000..326dd7f59cd2 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json @@ -0,0 +1,100 @@ +{ + "parameters": { + "api-version": "2021-06-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b", + "name": "21300918-b2e3-0346-785f-c77ff57d243b", + "type": "Microsoft.Security/assessmentMetadata", + "properties": { + "displayName": "Install endpoint protection solution on virtual machine scale sets", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", + "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.", + "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set", + "categories": [ + "Compute" + ], + "severity": "Medium", + "userImpact": "Low", + "implementationEffort": "Low", + "threats": [ + "dataExfiltration", + "dataSpillage", + "maliciousInsider" + ], + "publishDates": { + "GA": "06/01/2021", + "public": "06/01/2021" + }, + "plannedDeprecationDate": "03/2022", + "tactics": [ + "credentialAccess", + "persistence", + "execution", + "defenseEvasion", + "collection", + "discovery", + "privilegeEscalation" + ], + "assessmentType": "BuiltIn" + } + }, + { + "id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe", + "name": "bc303248-3d14-44c2-96a0-55f5c326b5fe", + "type": "Microsoft.Security/assessmentMetadata", + "properties": { + "displayName": "Close management ports on your virtual machines", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917", + "description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.", + "remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.
To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'", + "categories": [ + "Networking" + ], + "severity": "Medium", + "userImpact": "High", + "implementationEffort": "Low", + "threats": [ + "dataExfiltration", + "dataSpillage", + "maliciousInsider" + ], + "publishDates": { + "GA": "06/01/2021", + "public": "06/01/2021" + }, + "preview": true, + "assessmentType": "CustomPolicy" + } + }, + { + "id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7", + "name": "ca039e75-a276-4175-aebc-bcd41e4b14b7", + "type": "Microsoft.Security/assessmentMetadata", + "properties": { + "displayName": "My organization security assessment", + "description": "Assessment that my organization created to view our security assessment in Azure Security Center", + "remediationDescription": "Fix it with these remediation instructions", + "categories": [ + "Compute" + ], + "severity": "Medium", + "userImpact": "Low", + "implementationEffort": "Low", + "threats": [], + "publishDates": { + "GA": "06/01/2021", + "public": "06/01/2021" + }, + "assessmentType": "CustomerManaged" + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json new file mode 100644 index 000000000000..d595d53cd9a1 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json @@ -0,0 +1,79 @@ +{ + "parameters": { + "api-version": "2021-06-01", + "subscriptionId": "0980887d-03d6-408c-9566-532f3456804e" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b", + "name": "21300918-b2e3-0346-785f-c77ff57d243b", + "type": "Microsoft.Security/assessmentMetadata", + "properties": { + "displayName": "Install endpoint protection solution on virtual machine scale sets", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", + "description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.", + "remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set", + "categories": [ + "Compute" + ], + "severity": "Medium", + "userImpact": "Low", + "implementationEffort": "Low", + "threats": [ + "dataExfiltration", + "dataSpillage", + "maliciousInsider" + ], + "publishDates": { + "GA": "06/01/2021", + "public": "06/01/2021" + }, + "plannedDeprecationDate": "03/2022", + "tactics": [ + "credentialAccess", + "persistence", + "execution", + "defenseEvasion", + "collection", + "discovery", + "privilegeEscalation" + ], + "assessmentType": "BuiltIn" + } + }, + { + "id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe", + "name": "bc303248-3d14-44c2-96a0-55f5c326b5fe", + "type": "Microsoft.Security/assessmentMetadata", + "properties": { + "displayName": "Close management ports on your virtual machines", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917", + "description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.", + "remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.
To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'", + "categories": [ + "Networking" + ], + "severity": "Medium", + "userImpact": "High", + "implementationEffort": "Low", + "threats": [ + "dataExfiltration", + "dataSpillage", + "maliciousInsider" + ], + "publishDates": { + "GA": "06/01/2021", + "public": "06/01/2021" + }, + "preview": true, + "assessmentType": "CustomPolicy" + } + } + ] + } + } + } +} From be259a2e5a27f384530eeb4b8beb6b576f5cbd66 Mon Sep 17 00:00:00 2001 From: "MIDDLEEAST\\morbrisker" Date: Tue, 27 Jul 2021 16:21:15 +0300 Subject: [PATCH 02/11] Add2021-06-01AsessmentsAPIVersion --- .../security/resource-manager/readme.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md index c5476d89437c..5c14b4f280ee 100644 --- a/specification/security/resource-manager/readme.md +++ b/specification/security/resource-manager/readme.md @@ -199,8 +199,8 @@ input-file: - Microsoft.Security/preview/2019-01-01-preview/automations.json - Microsoft.Security/preview/2019-01-01-preview/alertsSuppressionRules.json - Microsoft.Security/stable/2020-01-01/serverVulnerabilityAssessments.json -- Microsoft.Security/stable/2020-01-01/assessmentMetadata.json -- Microsoft.Security/stable/2020-01-01/assessments.json +- Microsoft.Security/stable/2021-06-01/assessmentMetadata.json +- Microsoft.Security/stable/2021-06-01/assessments.json - Microsoft.Security/stable/2020-01-01/applicationWhitelistings.json - Microsoft.Security/stable/2020-01-01/adaptiveNetworkHardenings.json - Microsoft.Security/stable/2020-01-01/allowedConnections.json @@ -468,6 +468,19 @@ override-info: title: SecurityCenter ``` +### Tag: package-2021-06-only + +These settings apply only when `--tag=package-2021-06-only` is specified on the command line. This tag is used for Ruby SDK. + +``` yaml $(tag) == 'package-2021-06-only' +input-file: +- Microsoft.Security/stable/2021-06-01/assessmentMetadata.json +- Microsoft.Security/stable/2021-06-01/assessments.json +# Needed when there is more than one input file +override-info: + title: SecurityCenter +``` + --- # Code Generation From 8b7aa3eec63325f74c84c2423e755536d785e346 Mon Sep 17 00:00:00 2001 From: "MIDDLEEAST\\morbrisker" Date: Tue, 27 Jul 2021 16:31:42 +0300 Subject: [PATCH 03/11] Add2021-06-01AsessmentsAPIVersion --- .../stable/2021-06-01/assessmentMetadata.json | 437 +++++++++++++++++- .../GetAssessmentsMetadata_example.json | 20 +- ...essmentsMetadata_subscription_example.json | 20 +- .../ListAssessmentsMetadata_example.json | 20 +- ...essmentsMetadata_subscription_example.json | 20 +- 5 files changed, 488 insertions(+), 29 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json index bf544d0b5101..f94cc3cf1e7b 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json @@ -205,7 +205,7 @@ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/SecurityAssessmentMetadata" + "$ref": "#/parameters/SecurityAssessmentMetadataResponse" } ], "responses": { @@ -646,6 +646,441 @@ ] } } + }, + "techniques": { + "type": "array", + "items": { + "type": "string", + "description": "Techniques of the assessment", + "enum": [ + "abuseElevationControlMechanism", + "containerandResourceDiscovery", + "nonStandardPort", + "resourceHijacking", + "permissionGroupsDiscovery", + "softwareDeploymentTools", + "exploitationforCredentialAccess", + "serverSoftwareComponent", + "audioCapture", + "subvertTrustControls", + "oSCredentialDumping", + "dataStaged", + "trustedRelationship", + "lateralToolTransfer", + "masquerading", + "bootorLogonAutostartExecution", + "impairDefenses", + "exploitationforClientExecution", + "processDiscovery", + "dataDestruction", + "externalRemoteServices", + "nonApplicationLayerProtocol", + "obtainCapabilities", + "accountDiscovery", + "domainTrustDiscovery", + "screenCapture", + "taintSharedContent", + "obuscatedFilesorInformation", + "networkDenialofService", + "phishing", + "implantContainerImage", + "windowsManagementInstrumentation", + "serviceStop", + "hideArtifacts", + "userExecution", + "officeApplicationStartup", + "deobfuscateDecodeFilesorInformation", + "remoteServices", + "exploitationforDefenseEvasion", + "fileandDirectoryDiscovery", + "accessTokenManipulation", + "createorModifySystemProcess", + "datafromLocalSystem", + "interProcessCommunication", + "compromiseClientSoftwareBinary", + "indicatorRemovalonHost", + "exploitationforPrivilegeEscalation", + "unsecuredCredentials", + "dynamicResolution", + "compromiseInfrastructure", + "validAccounts", + "systemInformationDiscovery", + "defacement", + "protocolTunneling", + "searchVictimOwnedWebsites", + "exploitPublicFacingApplication", + "datafromCloudStorageObject", + "applicationLayerProtocol", + "driveByCompromise", + "datafromInformationRepositories", + "inputCapture", + "queryRegistry", + "ingressToolTransfer", + "scheduledTaskJob", + "activeScanning", + "manInTheMiddle", + "credentialsfromPasswordStores", + "fallbackChannels", + "signedBinaryProxyExecution", + "hijackExecutionFlow", + "exploitationofRemoteServices", + "trafficSignaling", + "networkServiceScanning", + "preOSBoot", + "fileandDirectoryPermissionsModification", + "processInjection", + "obfuscatedFilesorInformation", + "modifyAuthenticationProcess", + "remoteServiceSessionHijacking", + "commandandScriptingInterpreter", + "dataManipulation", + "proxy", + "networkSniffing", + "bootorLogonInitializationScripts", + "dataEncryptedforImpact", + "indirectCommandExecution", + "gatherVictimNetworkInformation", + "createAccount", + "datafromConfigurationRepository", + "eventTriggeredExecution", + "cloudInfrastructureDiscovery", + "cloudServiceDiscovery", + "exfiltrationOverAlternativeProtocol", + "sQLStoredProcedures", + "endpointDenialofService", + "bruteForce", + "cloudServiceDashboard", + "supplyChainCompromise", + "transferDatatoCloudAccount", + "remoteAccessSoftware", + "accountManipulation", + "stealorForgeKerberosTickets", + "remoteSystemDiscovery", + "modifyRegistry", + "diskWipe" + ], + "x-ms-enum": { + "name": "tactics", + "modelAsString": true, + "values": [ + { + "value": "abuseElevationControlMechanism" + }, + { + "value": "containerandResourceDiscovery" + }, + { + "value": "nonStandardPort" + }, + { + "value": "resourceHijacking" + }, + { + "value": "permissionGroupsDiscovery" + }, + { + "value": "softwareDeploymentTools" + }, + { + "value": "exploitationforCredentialAccess" + }, + { + "value": "serverSoftwareComponent" + }, + { + "value": "audioCapture" + }, + { + "value": "subvertTrustControls" + }, + { + "value": "oSCredentialDumping" + }, + { + "value": "dataStaged" + }, + { + "value": "trustedRelationship" + }, + { + "value": "lateralToolTransfer" + }, + { + "value": "masquerading" + }, + { + "value": "bootorLogonAutostartExecution" + }, + { + "value": "impairDefenses" + }, + { + "value": "exploitationforClientExecution" + }, + { + "value": "processDiscovery" + }, + { + "value": "dataDestruction" + }, + { + "value": "externalRemoteServices" + }, + { + "value": "nonApplicationLayerProtocol" + }, + { + "value": "obtainCapabilities" + }, + { + "value": "accountDiscovery" + }, + { + "value": "domainTrustDiscovery" + }, + { + "value": "screenCapture" + }, + { + "value": "taintSharedContent" + }, + { + "value": "obuscatedFilesorInformation" + }, + { + "value": "networkDenialofService" + }, + { + "value": "phishing" + }, + { + "value": "implantContainerImage" + }, + { + "value": "windowsManagementInstrumentation" + }, + { + "value": "serviceStop" + }, + { + "value": "hideArtifacts" + }, + { + "value": "userExecution" + }, + { + "value": "officeApplicationStartup" + }, + { + "value": "deobfuscateDecodeFilesorInformation" + }, + { + "value": "remoteServices" + }, + { + "value": "exploitationforDefenseEvasion" + }, + { + "value": "fileandDirectoryDiscovery" + }, + { + "value": "accessTokenManipulation" + }, + { + "value": "createorModifySystemProcess" + }, + { + "value": "datafromLocalSystem" + }, + { + "value": "interProcessCommunication" + }, + { + "value": "compromiseClientSoftwareBinary" + }, + { + "value": "indicatorRemovalonHost" + }, + { + "value": "exploitationforPrivilegeEscalation" + }, + { + "value": "unsecuredCredentials" + }, + { + "value": "dynamicResolution" + }, + { + "value": "compromiseInfrastructure" + }, + { + "value": "validAccounts" + }, + { + "value": "systemInformationDiscovery" + }, + { + "value": "defacement" + }, + { + "value": "protocolTunneling" + }, + { + "value": "searchVictimOwnedWebsites" + }, + { + "value": "exploitPublicFacingApplication" + }, + { + "value": "datafromCloudStorageObject" + }, + { + "value": "applicationLayerProtocol" + }, + { + "value": "driveByCompromise" + }, + { + "value": "datafromInformationRepositories" + }, + { + "value": "inputCapture" + }, + { + "value": "queryRegistry" + }, + { + "value": "ingressToolTransfer" + }, + { + "value": "scheduledTaskJob" + }, + { + "value": "activeScanning" + }, + { + "value": "manInTheMiddle" + }, + { + "value": "credentialsfromPasswordStores" + }, + { + "value": "fallbackChannels" + }, + { + "value": "signedBinaryProxyExecution" + }, + { + "value": "hijackExecutionFlow" + }, + { + "value": "exploitationofRemoteServices" + }, + { + "value": "trafficSignaling" + }, + { + "value": "networkServiceScanning" + }, + { + "value": "preOSBoot" + }, + { + "value": "fileandDirectoryPermissionsModification" + }, + { + "value": "processInjection" + }, + { + "value": "obfuscatedFilesorInformation" + }, + { + "value": "modifyAuthenticationProcess" + }, + { + "value": "remoteServiceSessionHijacking" + }, + { + "value": "commandandScriptingInterpreter" + }, + { + "value": "dataManipulation" + }, + { + "value": "proxy" + }, + { + "value": "networkSniffing" + }, + { + "value": "bootorLogonInitializationScripts" + }, + { + "value": "dataEncryptedforImpact" + }, + { + "value": "indirectCommandExecution" + }, + { + "value": "gatherVictimNetworkInformation" + }, + { + "value": "createAccount" + }, + { + "value": "datafromConfigurationRepository" + }, + { + "value": "eventTriggeredExecution" + }, + { + "value": "cloudInfrastructureDiscovery" + }, + { + "value": "cloudServiceDiscovery" + }, + { + "value": "exfiltrationOverAlternativeProtocol" + }, + { + "value": "sQLStoredProcedures" + }, + { + "value": "endpointDenialofService" + }, + { + "value": "bruteForce" + }, + { + "value": "cloudServiceDashboard" + }, + { + "value": "supplyChainCompromise" + }, + { + "value": "transferDatatoCloudAccount" + }, + { + "value": "remoteAccessSoftware" + }, + { + "value": "accountManipulation" + }, + { + "value": "stealorForgeKerberosTickets" + }, + { + "value": "remoteSystemDiscovery" + }, + { + "value": "modifyRegistry" + }, + { + "value": "diskWipe" + } + ] + } + } } }, "allOf": [ diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json index a990d3c0714a..b6cb92284fca 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json @@ -30,14 +30,20 @@ "public": "06/01/2021" }, "plannedDeprecationDate": "03/2022", - "tactics": [ + "tactics" : [ "credentialAccess", - "persistence", - "execution", - "defenseEvasion", - "collection", - "discovery", - "privilegeEscalation" + "persistence", + "execution", + "defenseEvasion", + "collection", + "discovery", + "privilegeEscalation" + ], + "techniques": [ + "obuscatedFilesorInformation", + "ingressToolTransfer", + "phishing", + "userExecution" ], "assessmentType": "BuiltIn" } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json index 1e38e364a9e3..7b150d7c1b96 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json @@ -31,14 +31,20 @@ "public": "06/01/2021" }, "plannedDeprecationDate": "03/2022", - "tactics": [ + "tactics" : [ "credentialAccess", - "persistence", - "execution", - "defenseEvasion", - "collection", - "discovery", - "privilegeEscalation" + "persistence", + "execution", + "defenseEvasion", + "collection", + "discovery", + "privilegeEscalation" + ], + "techniques": [ + "obuscatedFilesorInformation", + "ingressToolTransfer", + "phishing", + "userExecution" ], "assessmentType": "BuiltIn" } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json index 326dd7f59cd2..dbd2e4a3d073 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json @@ -31,14 +31,20 @@ "public": "06/01/2021" }, "plannedDeprecationDate": "03/2022", - "tactics": [ + "tactics" : [ "credentialAccess", - "persistence", - "execution", - "defenseEvasion", - "collection", - "discovery", - "privilegeEscalation" + "persistence", + "execution", + "defenseEvasion", + "collection", + "discovery", + "privilegeEscalation" + ], + "techniques": [ + "obuscatedFilesorInformation", + "ingressToolTransfer", + "phishing", + "userExecution" ], "assessmentType": "BuiltIn" } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json index d595d53cd9a1..d53fb0a97c84 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json @@ -32,14 +32,20 @@ "public": "06/01/2021" }, "plannedDeprecationDate": "03/2022", - "tactics": [ + "tactics" : [ "credentialAccess", - "persistence", - "execution", - "defenseEvasion", - "collection", - "discovery", - "privilegeEscalation" + "persistence", + "execution", + "defenseEvasion", + "collection", + "discovery", + "privilegeEscalation" + ], + "techniques": [ + "obuscatedFilesorInformation", + "ingressToolTransfer", + "phishing", + "userExecution" ], "assessmentType": "BuiltIn" } From 6cf6cd8d75744f12119703bb600c3bf65b5f32f2 Mon Sep 17 00:00:00 2001 From: "MIDDLEEAST\\morbrisker" Date: Thu, 29 Jul 2021 15:21:09 +0300 Subject: [PATCH 04/11] Add2021-06-01AsessmentsAPIVersion --- .../stable/2021-06-01/assessmentMetadata.json | 478 +++++++++--------- .../GetAssessmentsMetadata_example.json | 22 +- ...essmentsMetadata_subscription_example.json | 22 +- .../ListAssessmentsMetadata_example.json | 22 +- ...essmentsMetadata_subscription_example.json | 22 +- 5 files changed, 283 insertions(+), 283 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json index f94cc3cf1e7b..4e459a4d074c 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json @@ -205,7 +205,7 @@ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/SecurityAssessmentMetadataResponse" + "$ref": "#/definitions/SecurityAssessmentMetadataResponse" } ], "responses": { @@ -582,66 +582,66 @@ "type": "string", "description": "Tactic of the assessment", "enum": [ - "reconnaissance", - "resourceDevelopment", - "initialAccess", - "execution", - "persistence", - "privilegeEscalation", - "defenseEvasion", - "credentialAccess", - "discovery", - "lateralMovement", - "collection", - "commandAndControl", - "exfiltration", - "impact" + "Reconnaissance", + "Resource Development", + "Initial Access", + "Execution", + "Persistence", + "Privilege Escalation", + "Defense Evasion", + "Credential Access", + "Discovery", + "Lateral Movement", + "Collection", + "Command and Control", + "Exfiltration", + "Impact" ], "x-ms-enum": { "name": "tactics", "modelAsString": true, "values": [ { - "value": "reconnaissance" + "value": "Reconnaissance" }, { - "value": "resourceDevelopment" + "value": "Resource Development" }, { - "value": "initialAccess" + "value": "Initial Access" }, { - "value": "execution" + "value": "Execution" }, { - "value": "persistence" + "value": "Persistence" }, { - "value": "privilegeEscalation" + "value": "Privilege Escalation" }, { - "value": "defenseEvasion" + "value": "Defense Evasion" }, { - "value": "credentialAccess" + "value": "Credential Access" }, { - "value": "discovery" + "value": "Discovery" }, { - "value": "lateralMovement" + "value": "Lateral Movement" }, { - "value": "collection" + "value": "Collection" }, { - "value": "commandAndControl" + "value": "Command and Control" }, { - "value": "exfiltration" + "value": "Exfiltration" }, { - "value": "impact" + "value": "Impact" } ] } @@ -653,430 +653,430 @@ "type": "string", "description": "Techniques of the assessment", "enum": [ - "abuseElevationControlMechanism", - "containerandResourceDiscovery", - "nonStandardPort", - "resourceHijacking", - "permissionGroupsDiscovery", - "softwareDeploymentTools", - "exploitationforCredentialAccess", - "serverSoftwareComponent", - "audioCapture", - "subvertTrustControls", - "oSCredentialDumping", - "dataStaged", - "trustedRelationship", - "lateralToolTransfer", - "masquerading", - "bootorLogonAutostartExecution", - "impairDefenses", - "exploitationforClientExecution", - "processDiscovery", - "dataDestruction", - "externalRemoteServices", - "nonApplicationLayerProtocol", - "obtainCapabilities", - "accountDiscovery", - "domainTrustDiscovery", - "screenCapture", - "taintSharedContent", - "obuscatedFilesorInformation", - "networkDenialofService", - "phishing", - "implantContainerImage", - "windowsManagementInstrumentation", - "serviceStop", - "hideArtifacts", - "userExecution", - "officeApplicationStartup", - "deobfuscateDecodeFilesorInformation", - "remoteServices", - "exploitationforDefenseEvasion", - "fileandDirectoryDiscovery", - "accessTokenManipulation", - "createorModifySystemProcess", - "datafromLocalSystem", - "interProcessCommunication", - "compromiseClientSoftwareBinary", - "indicatorRemovalonHost", - "exploitationforPrivilegeEscalation", - "unsecuredCredentials", - "dynamicResolution", - "compromiseInfrastructure", - "validAccounts", - "systemInformationDiscovery", - "defacement", - "protocolTunneling", - "searchVictimOwnedWebsites", - "exploitPublicFacingApplication", - "datafromCloudStorageObject", - "applicationLayerProtocol", - "driveByCompromise", - "datafromInformationRepositories", - "inputCapture", - "queryRegistry", - "ingressToolTransfer", - "scheduledTaskJob", - "activeScanning", - "manInTheMiddle", - "credentialsfromPasswordStores", - "fallbackChannels", - "signedBinaryProxyExecution", - "hijackExecutionFlow", - "exploitationofRemoteServices", - "trafficSignaling", - "networkServiceScanning", - "preOSBoot", - "fileandDirectoryPermissionsModification", - "processInjection", - "obfuscatedFilesorInformation", - "modifyAuthenticationProcess", - "remoteServiceSessionHijacking", - "commandandScriptingInterpreter", - "dataManipulation", - "proxy", - "networkSniffing", - "bootorLogonInitializationScripts", - "dataEncryptedforImpact", - "indirectCommandExecution", - "gatherVictimNetworkInformation", - "createAccount", - "datafromConfigurationRepository", - "eventTriggeredExecution", - "cloudInfrastructureDiscovery", - "cloudServiceDiscovery", - "exfiltrationOverAlternativeProtocol", - "sQLStoredProcedures", - "endpointDenialofService", - "bruteForce", - "cloudServiceDashboard", - "supplyChainCompromise", - "transferDatatoCloudAccount", - "remoteAccessSoftware", - "accountManipulation", - "stealorForgeKerberosTickets", - "remoteSystemDiscovery", - "modifyRegistry", - "diskWipe" + "Abuse Elevation Control Mechanism", + "Access Token Manipulation", + "Account Discovery", + "Account Manipulation", + "Active Scanning", + "Application Layer Protocol", + "Audio Capture", + "Boot or Logon Autostart Execution", + "Boot or Logon Initialization Scripts", + "Brute Force", + "Cloud Infrastructure Discovery", + "Cloud Service Dashboard", + "Cloud Service Discovery", + "Command and Scripting Interpreter", + "Compromise Client Software Binary", + "Compromise Infrastructure", + "Container and Resource Discovery", + "Create Account", + "Create or Modify System Process", + "Credentials from Password Stores", + "Data Destruction", + "Data Encrypted for Impact", + "Data from Cloud Storage Object", + "Data from Configuration Repository", + "Data from Information Repositories", + "Data from Local System", + "Data Manipulation", + "Data Staged", + "Defacement", + "Deobfuscate/Decode Files or Information", + "Disk Wipe", + "Domain Trust Discovery", + "Drive-by Compromise", + "Dynamic Resolution", + "Endpoint Denial of Service", + "Event Triggered Execution", + "Exfiltration Over Alternative Protocol", + "Exploit Public-Facing Application", + "Exploitation for Client Execution", + "Exploitation for Credential Access", + "Exploitation for Defense Evasion", + "Exploitation for Privilege Escalation", + "Exploitation of Remote Services", + "External Remote Services", + "Fallback Channels", + "File and Directory Discovery", + "Gather Victim Network Information", + "Hide Artifacts", + "Hijack Execution Flow", + "Impair Defenses", + "Implant Container Image", + "Indicator Removal on Host", + "Indirect Command Execution", + "Ingress Tool Transfer", + "Input Capture", + "Inter-Process Communication", + "Lateral Tool Transfer", + "Man-in-the-Middle", + "Masquerading", + "Modify Authentication Process", + "Modify Registry", + "Network Denial of Service", + "Network Service Scanning", + "Network Sniffing", + "Non-Application Layer Protocol", + "Non-Standard Port", + "Obfuscated Files or Information", + "Obtain Capabilities", + "Obuscated Files or Information", + "Office Application Startup", + "OS Credential Dumping", + "Permission Groups Discovery", + "Phishing", + "Pre-OS Boot", + "Process Discovery", + "Process Injection", + "Protocol Tunneling", + "Proxy", + "Query Registry", + "Remote Access Software", + "Remote Service Session Hijacking", + "Remote Services", + "Remote System Discovery", + "Resource Hijacking", + "Scheduled Task/Job", + "Screen Capture", + "Search Victim-Owned Websites", + "Server Software Component", + "Service Stop", + "Signed Binary Proxy Execution", + "Software Deployment Tools", + "SQL Stored Procedures", + "Steal or Forge Kerberos Tickets", + "Subvert Trust Controls", + "Supply Chain Compromise", + "System Information Discovery", + "Taint Shared Content", + "Traffic Signaling", + "Transfer Data to Cloud Account", + "Trusted Relationship", + "Unsecured Credentials", + "User Execution", + "Valid Accounts", + "Windows Management Instrumentation", + "File and Directory Permissions Modification" ], "x-ms-enum": { "name": "tactics", "modelAsString": true, "values": [ { - "value": "abuseElevationControlMechanism" + "value": "Abuse Elevation Control Mechanism" }, { - "value": "containerandResourceDiscovery" + "value": "Access Token Manipulation" }, { - "value": "nonStandardPort" + "value": "Account Discovery" }, { - "value": "resourceHijacking" + "value": "Account Manipulation" }, { - "value": "permissionGroupsDiscovery" + "value": "Active Scanning" }, { - "value": "softwareDeploymentTools" + "value": "Application Layer Protocol" }, { - "value": "exploitationforCredentialAccess" + "value": "Audio Capture" }, { - "value": "serverSoftwareComponent" + "value": "Boot or Logon Autostart Execution" }, { - "value": "audioCapture" + "value": "Boot or Logon Initialization Scripts" }, { - "value": "subvertTrustControls" + "value": "Brute Force" }, { - "value": "oSCredentialDumping" + "value": "Cloud Infrastructure Discovery" }, { - "value": "dataStaged" + "value": "Cloud Service Dashboard" }, { - "value": "trustedRelationship" + "value": "Cloud Service Discovery" }, { - "value": "lateralToolTransfer" + "value": "Command and Scripting Interpreter" }, { - "value": "masquerading" + "value": "Compromise Client Software Binary" }, { - "value": "bootorLogonAutostartExecution" + "value": "Compromise Infrastructure" }, { - "value": "impairDefenses" + "value": "Container and Resource Discovery" }, { - "value": "exploitationforClientExecution" + "value": "Create Account" }, { - "value": "processDiscovery" + "value": "Create or Modify System Process" }, { - "value": "dataDestruction" + "value": "Credentials from Password Stores" }, { - "value": "externalRemoteServices" + "value": "Data Destruction" }, { - "value": "nonApplicationLayerProtocol" + "value": "Data Encrypted for Impact" }, { - "value": "obtainCapabilities" + "value": "Data from Cloud Storage Object" }, { - "value": "accountDiscovery" + "value": "Data from Configuration Repository" }, { - "value": "domainTrustDiscovery" + "value": "Data from Information Repositories" }, { - "value": "screenCapture" + "value": "Data from Local System" }, { - "value": "taintSharedContent" + "value": "Data Manipulation" }, { - "value": "obuscatedFilesorInformation" + "value": "Data Staged" }, { - "value": "networkDenialofService" + "value": "Defacement" }, { - "value": "phishing" + "value": "Deobfuscate/Decode Files or Information" }, { - "value": "implantContainerImage" + "value": "Disk Wipe" }, { - "value": "windowsManagementInstrumentation" + "value": "Domain Trust Discovery" }, { - "value": "serviceStop" + "value": "Drive-by Compromise" }, { - "value": "hideArtifacts" + "value": "Dynamic Resolution" }, { - "value": "userExecution" + "value": "Endpoint Denial of Service" }, { - "value": "officeApplicationStartup" + "value": "Event Triggered Execution" }, { - "value": "deobfuscateDecodeFilesorInformation" + "value": "Exfiltration Over Alternative Protocol" }, { - "value": "remoteServices" + "value": "Exploit Public-Facing Application" }, { - "value": "exploitationforDefenseEvasion" + "value": "Exploitation for Client Execution" }, { - "value": "fileandDirectoryDiscovery" + "value": "Exploitation for Credential Access" }, { - "value": "accessTokenManipulation" + "value": "Exploitation for Defense Evasion" }, { - "value": "createorModifySystemProcess" + "value": "Exploitation for Privilege Escalation" }, { - "value": "datafromLocalSystem" + "value": "Exploitation of Remote Services" }, { - "value": "interProcessCommunication" + "value": "External Remote Services" }, { - "value": "compromiseClientSoftwareBinary" + "value": "Fallback Channels" }, { - "value": "indicatorRemovalonHost" + "value": "File and Directory Discovery" }, { - "value": "exploitationforPrivilegeEscalation" + "value": "Gather Victim Network Information" }, { - "value": "unsecuredCredentials" + "value": "Hide Artifacts" }, { - "value": "dynamicResolution" + "value": "Hijack Execution Flow" }, { - "value": "compromiseInfrastructure" + "value": "Impair Defenses" }, { - "value": "validAccounts" + "value": "Implant Container Image" }, { - "value": "systemInformationDiscovery" + "value": "Indicator Removal on Host" }, { - "value": "defacement" + "value": "Indirect Command Execution" }, { - "value": "protocolTunneling" + "value": "Ingress Tool Transfer" }, { - "value": "searchVictimOwnedWebsites" + "value": "Input Capture" }, { - "value": "exploitPublicFacingApplication" + "value": "Inter-Process Communication" }, { - "value": "datafromCloudStorageObject" + "value": "Lateral Tool Transfer" }, { - "value": "applicationLayerProtocol" + "value": "Man-in-the-Middle" }, { - "value": "driveByCompromise" + "value": "Masquerading" }, { - "value": "datafromInformationRepositories" + "value": "Modify Authentication Process" }, { - "value": "inputCapture" + "value": "Modify Registry" }, { - "value": "queryRegistry" + "value": "Network Denial of Service" }, { - "value": "ingressToolTransfer" + "value": "Network Service Scanning" }, { - "value": "scheduledTaskJob" + "value": "Network Sniffing" }, { - "value": "activeScanning" + "value": "Non-Application Layer Protocol" }, { - "value": "manInTheMiddle" + "value": "Non-Standard Port" }, { - "value": "credentialsfromPasswordStores" + "value": "Obfuscated Files or Information" }, { - "value": "fallbackChannels" + "value": "Obtain Capabilities" }, { - "value": "signedBinaryProxyExecution" + "value": "Obuscated Files or Information" }, { - "value": "hijackExecutionFlow" + "value": "Office Application Startup" }, { - "value": "exploitationofRemoteServices" + "value": "OS Credential Dumping" }, { - "value": "trafficSignaling" + "value": "Permission Groups Discovery" }, { - "value": "networkServiceScanning" + "value": "Phishing" }, { - "value": "preOSBoot" + "value": "Pre-OS Boot" }, { - "value": "fileandDirectoryPermissionsModification" + "value": "Process Discovery" }, { - "value": "processInjection" + "value": "Process Injection" }, { - "value": "obfuscatedFilesorInformation" + "value": "Protocol Tunneling" }, { - "value": "modifyAuthenticationProcess" + "value": "Proxy" }, { - "value": "remoteServiceSessionHijacking" + "value": "Query Registry" }, { - "value": "commandandScriptingInterpreter" + "value": "Remote Access Software" }, { - "value": "dataManipulation" + "value": "Remote Service Session Hijacking" }, { - "value": "proxy" + "value": "Remote Services" }, { - "value": "networkSniffing" + "value": "Remote System Discovery" }, { - "value": "bootorLogonInitializationScripts" + "value": "Resource Hijacking" }, { - "value": "dataEncryptedforImpact" + "value": "Scheduled Task/Job" }, { - "value": "indirectCommandExecution" + "value": "Screen Capture" }, { - "value": "gatherVictimNetworkInformation" + "value": "Search Victim-Owned Websites" }, { - "value": "createAccount" + "value": "Server Software Component" }, { - "value": "datafromConfigurationRepository" + "value": "Service Stop" }, { - "value": "eventTriggeredExecution" + "value": "Signed Binary Proxy Execution" }, { - "value": "cloudInfrastructureDiscovery" + "value": "Software Deployment Tools" }, { - "value": "cloudServiceDiscovery" + "value": "SQL Stored Procedures" }, { - "value": "exfiltrationOverAlternativeProtocol" + "value": "Steal or Forge Kerberos Tickets" }, { - "value": "sQLStoredProcedures" + "value": "Subvert Trust Controls" }, { - "value": "endpointDenialofService" + "value": "Supply Chain Compromise" }, { - "value": "bruteForce" + "value": "System Information Discovery" }, { - "value": "cloudServiceDashboard" + "value": "Taint Shared Content" }, { - "value": "supplyChainCompromise" + "value": "Traffic Signaling" }, { - "value": "transferDatatoCloudAccount" + "value": "Transfer Data to Cloud Account" }, { - "value": "remoteAccessSoftware" + "value": "Trusted Relationship" }, { - "value": "accountManipulation" + "value": "Unsecured Credentials" }, { - "value": "stealorForgeKerberosTickets" + "value": "User Execution" }, { - "value": "remoteSystemDiscovery" + "value": "Valid Accounts" }, { - "value": "modifyRegistry" + "value": "Windows Management Instrumentation" }, { - "value": "diskWipe" + "value": "File and Directory Permissions Modification" } ] } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json index b6cb92284fca..879f95c1bf81 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json @@ -31,19 +31,19 @@ }, "plannedDeprecationDate": "03/2022", "tactics" : [ - "credentialAccess", - "persistence", - "execution", - "defenseEvasion", - "collection", - "discovery", - "privilegeEscalation" + "Credential Access", + "Persistence", + "Execution", + "Defense Evasion", + "Collection", + "Discovery", + "Privilege Escalation" ], "techniques": [ - "obuscatedFilesorInformation", - "ingressToolTransfer", - "phishing", - "userExecution" + "Obuscated Files or Information", + "Ingress Tool Transfer", + "Phishing", + "User Execution" ], "assessmentType": "BuiltIn" } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json index 7b150d7c1b96..0afb5c3056ae 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json @@ -32,19 +32,19 @@ }, "plannedDeprecationDate": "03/2022", "tactics" : [ - "credentialAccess", - "persistence", - "execution", - "defenseEvasion", - "collection", - "discovery", - "privilegeEscalation" + "Credential Access", + "Persistence", + "Execution", + "Defense Evasion", + "Collection", + "Discovery", + "Privilege Escalation" ], "techniques": [ - "obuscatedFilesorInformation", - "ingressToolTransfer", - "phishing", - "userExecution" + "Obuscated Files or Information", + "Ingress Tool Transfer", + "Phishing", + "User Execution" ], "assessmentType": "BuiltIn" } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json index dbd2e4a3d073..7dde3ad04c91 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json @@ -32,19 +32,19 @@ }, "plannedDeprecationDate": "03/2022", "tactics" : [ - "credentialAccess", - "persistence", - "execution", - "defenseEvasion", - "collection", - "discovery", - "privilegeEscalation" + "Credential Access", + "Persistence", + "Execution", + "Defense Evasion", + "Collection", + "Discovery", + "Privilege Escalation" ], "techniques": [ - "obuscatedFilesorInformation", - "ingressToolTransfer", - "phishing", - "userExecution" + "Obuscated Files or Information", + "Ingress Tool Transfer", + "Phishing", + "User Execution" ], "assessmentType": "BuiltIn" } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json index d53fb0a97c84..0f84612499da 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json @@ -33,19 +33,19 @@ }, "plannedDeprecationDate": "03/2022", "tactics" : [ - "credentialAccess", - "persistence", - "execution", - "defenseEvasion", - "collection", - "discovery", - "privilegeEscalation" + "Credential Access", + "Persistence", + "Execution", + "Defense Evasion", + "Collection", + "Discovery", + "Privilege Escalation" ], "techniques": [ - "obuscatedFilesorInformation", - "ingressToolTransfer", - "phishing", - "userExecution" + "Obuscated Files or Information", + "Ingress Tool Transfer", + "Phishing", + "User Execution" ], "assessmentType": "BuiltIn" } From 1a04c99ead9f01e43417964c32e049c196ed0517 Mon Sep 17 00:00:00 2001 From: "MIDDLEEAST\\morbrisker" Date: Thu, 29 Jul 2021 16:26:05 +0300 Subject: [PATCH 05/11] Add2021-06-01AsessmentsAPIVersion --- custom-words.txt | 1 + .../stable/2021-06-01/assessmentMetadata.json | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/custom-words.txt b/custom-words.txt index 1b02fdc09783..4cf6ca4cc6d5 100644 --- a/custom-words.txt +++ b/custom-words.txt @@ -2258,3 +2258,4 @@ XLSM DOCM multislot Tebibytes +Obuscated \ No newline at end of file diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json index 4e459a4d074c..2a188413f7db 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json @@ -205,14 +205,14 @@ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" }, { - "$ref": "#/definitions/SecurityAssessmentMetadataResponse" + "$ref": "#/parameters/SecurityAssessmentMetadata" } ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/SecurityAssessmentMetadataResponse" + "$ref": "#/definitions/SecurityAssessmentMetadata" } }, "default": { @@ -760,7 +760,7 @@ "File and Directory Permissions Modification" ], "x-ms-enum": { - "name": "tactics", + "name": "techniques", "modelAsString": true, "values": [ { From d462574e5c440b64445dc4db302ae6c74029ef8e Mon Sep 17 00:00:00 2001 From: "MIDDLEEAST\\morbrisker" Date: Thu, 29 Jul 2021 17:08:59 +0300 Subject: [PATCH 06/11] Add2021-06-01AsessmentsAPIVersion --- .../GetAssessmentsMetadata_example.json | 16 ++++++++-------- ...AssessmentsMetadata_subscription_example.json | 16 ++++++++-------- .../ListAssessmentsMetadata_example.json | 16 ++++++++-------- ...AssessmentsMetadata_subscription_example.json | 16 ++++++++-------- 4 files changed, 32 insertions(+), 32 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json index 879f95c1bf81..1d3b5a8c2ae8 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_example.json @@ -30,14 +30,14 @@ "public": "06/01/2021" }, "plannedDeprecationDate": "03/2022", - "tactics" : [ - "Credential Access", - "Persistence", - "Execution", - "Defense Evasion", - "Collection", - "Discovery", - "Privilege Escalation" + "tactics": [ + "Credential Access", + "Persistence", + "Execution", + "Defense Evasion", + "Collection", + "Discovery", + "Privilege Escalation" ], "techniques": [ "Obuscated Files or Information", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json index 0afb5c3056ae..eccba4cfa404 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/GetAssessmentsMetadata_subscription_example.json @@ -31,14 +31,14 @@ "public": "06/01/2021" }, "plannedDeprecationDate": "03/2022", - "tactics" : [ - "Credential Access", - "Persistence", - "Execution", - "Defense Evasion", - "Collection", - "Discovery", - "Privilege Escalation" + "tactics": [ + "Credential Access", + "Persistence", + "Execution", + "Defense Evasion", + "Collection", + "Discovery", + "Privilege Escalation" ], "techniques": [ "Obuscated Files or Information", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json index 7dde3ad04c91..9dd72f1eddb5 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_example.json @@ -31,14 +31,14 @@ "public": "06/01/2021" }, "plannedDeprecationDate": "03/2022", - "tactics" : [ - "Credential Access", - "Persistence", - "Execution", - "Defense Evasion", - "Collection", - "Discovery", - "Privilege Escalation" + "tactics": [ + "Credential Access", + "Persistence", + "Execution", + "Defense Evasion", + "Collection", + "Discovery", + "Privilege Escalation" ], "techniques": [ "Obuscated Files or Information", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json index 0f84612499da..652a8c6eca31 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/examples/AssessmentsMetadata/ListAssessmentsMetadata_subscription_example.json @@ -32,14 +32,14 @@ "public": "06/01/2021" }, "plannedDeprecationDate": "03/2022", - "tactics" : [ - "Credential Access", - "Persistence", - "Execution", - "Defense Evasion", - "Collection", - "Discovery", - "Privilege Escalation" + "tactics": [ + "Credential Access", + "Persistence", + "Execution", + "Defense Evasion", + "Collection", + "Discovery", + "Privilege Escalation" ], "techniques": [ "Obuscated Files or Information", From 725b0649b45ac98b9bc89096434bd33d7e5e8e09 Mon Sep 17 00:00:00 2001 From: "MIDDLEEAST\\morbrisker" Date: Thu, 29 Jul 2021 17:12:12 +0300 Subject: [PATCH 07/11] Add2021-06-01AsessmentsAPIVersion --- .../stable/2021-06-01/assessmentMetadata.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json index 2a188413f7db..fd461f3b221c 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json @@ -205,14 +205,14 @@ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/SecurityAssessmentMetadata" + "$ref": "#/parameters/SecurityAssessmentMetadataResponse" } ], "responses": { "200": { "description": "OK", "schema": { - "$ref": "#/definitions/SecurityAssessmentMetadata" + "$ref": "#/definitions/SecurityAssessmentMetadataResponse" } }, "default": { From 93fc8b365c1a25049b0a1754aa3ca7457a938254 Mon Sep 17 00:00:00 2001 From: "MIDDLEEAST\\morbrisker" Date: Thu, 29 Jul 2021 19:29:09 +0300 Subject: [PATCH 08/11] Add2021-06-01AsessmentsAPIVersion --- .../stable/2021-06-01/assessmentMetadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json index fd461f3b221c..c22bafdc8fa3 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json @@ -205,7 +205,7 @@ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" }, { - "$ref": "#/parameters/SecurityAssessmentMetadataResponse" + "$ref": "#/definitions/SecurityAssessmentMetadataResponse" } ], "responses": { From 49fa4afc79bdb7f42e5ae4f2668ed8629f18979f Mon Sep 17 00:00:00 2001 From: "MIDDLEEAST\\morbrisker" Date: Thu, 29 Jul 2021 19:39:01 +0300 Subject: [PATCH 09/11] Add2021-06-01AsessmentsAPIVersion --- .../stable/2021-06-01/assessmentMetadata.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json index c22bafdc8fa3..b130a9c0569e 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2021-06-01/assessmentMetadata.json @@ -205,7 +205,7 @@ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" }, { - "$ref": "#/definitions/SecurityAssessmentMetadataResponse" + "$ref": "#/parameters/SecurityAssessmentMetadataResponse" } ], "responses": { @@ -1099,13 +1099,13 @@ "description": "The Assessment Key - Unique key for the assessment type", "x-ms-parameter-location": "method" }, - "SecurityAssessmentMetadata": { + "SecurityAssessmentMetadataResponse": { "name": "assessmentMetadata", "in": "body", "required": true, "description": "AssessmentMetadata object", "schema": { - "$ref": "#/definitions/SecurityAssessmentMetadata" + "$ref": "#/definitions/SecurityAssessmentMetadataResponse" }, "x-ms-parameter-location": "method" } From 22027a1a659415c203353569025637ef22d6a32c Mon Sep 17 00:00:00 2001 From: "MIDDLEEAST\\morbrisker" Date: Mon, 2 Aug 2021 11:08:34 +0300 Subject: [PATCH 10/11] Add2021-06-01AsessmentsAPIVersion --- specification/security/resource-manager/readme.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md index 5c14b4f280ee..43525d277293 100644 --- a/specification/security/resource-manager/readme.md +++ b/specification/security/resource-manager/readme.md @@ -474,8 +474,10 @@ These settings apply only when `--tag=package-2021-06-only` is specified on the ``` yaml $(tag) == 'package-2021-06-only' input-file: +- Microsoft.Security/stable/2021-06-01/settings.json - Microsoft.Security/stable/2021-06-01/assessmentMetadata.json - Microsoft.Security/stable/2021-06-01/assessments.json + # Needed when there is more than one input file override-info: title: SecurityCenter From 27c22de42e562f58ee7c4dbabe312a0c23e42762 Mon Sep 17 00:00:00 2001 From: MorBrisker Date: Thu, 19 Aug 2021 14:25:53 +0300 Subject: [PATCH 11/11] Update custom-words.txt --- custom-words.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/custom-words.txt b/custom-words.txt index 1e5dd496159e..f58ce8aa679d 100644 --- a/custom-words.txt +++ b/custom-words.txt @@ -2262,4 +2262,5 @@ XLSM DOCM multislot Tebibytes -privatelinkservicesforpowerbi \ No newline at end of file +privatelinkservicesforpowerbi +Obuscated