From 7ff73a73ad3b033c11d5b99598cef55d96da2106 Mon Sep 17 00:00:00 2001 From: surashed Date: Thu, 13 Aug 2020 09:29:00 +0300 Subject: [PATCH 01/12] Add SubAssessment event source type and add more automations examples --- .../2019-01-01-preview/automations.json | 11 +- .../PutAutomationAllAssessments_example.json | 102 ++++++++++++++++++ ...ationHighSeverityAssessments_example.json} | 18 ++-- 3 files changed, 120 insertions(+), 11 deletions(-) create mode 100644 specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json rename specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/{PutAutomation_example.json => PutAutomationHighSeverityAssessments_example.json} (87%) diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json index 87aacf936084..1121d592edc7 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json @@ -158,8 +158,11 @@ }, "put": { "x-ms-examples": { - "Create or update a security automation": { - "$ref": "./examples/Automations/PutAutomation_example.json" + "Create or update a security automation for all assessments": { + "$ref": "./examples/Automations/PutAutomationAllAssessments_example.json" + }, + "Create or update a security automation for all high severity assessments": { + "$ref": "./examples/Automations/PutAutomationHighSeverityAssessments_example.json" }, "Disable or enable a security automation": { "$ref": "./examples/Automations/PutDisableAutomation_example.json" 
@@ -373,6 +376,7 @@ "description": "A valid event source type.", "enum": [ "Assessments", + "SubAssessments", "Alerts" ], "x-ms-enum": { @@ -382,6 +386,9 @@ { "value": "Assessments" }, + { + "value": "SubAssessments" + }, { "value": "Alerts" } diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json new file mode 100644 index 000000000000..9442b2725e30 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json 
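Review bot: `SubAssessments` is added to the `EventSource` enum without a `description` on its `x-ms-enum` entry and without an example that uses it; both examples this commit adds set `"eventSource": "Assessments"`. A reader cannot tell from the spec what a sub-assessment event is or how its rules differ, so give the entry a description, e.g. `{ "value": "SubAssessments", "description": "<what this event source emits>" }`, and add one example with `"eventSource": "SubAssessments"`. The lines between `"x-ms-enum": {` and the `values` entries are outside the hunks, so whether the enum is modelled as an extensible string is not visible; if it is not, extending an existing api-version changes generated clients. The values added in patches 11 and 12 have the same gaps.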
@@ -0,0 +1,102 @@ +{ + "parameters": { + "api-version": "2019-01-01-preview", + "subscriptionId": "a5caac9c-5c04-49af-b3d0-e204f40345d5", + "automationName": "exampleAutomation", + "resourceGroupName": "exampleResourceGroup", + "Automation": { + "location": "Central US", + "etag": "etag value (must be supplied for update)", + "tags": {}, + "properties": { + "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment", + "isEnabled": true, + "scopes": [ + { + "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5", + "scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup" + } + ], + "sources": [ + { + "eventSource": "Assessments", + "ruleSets": [] + } + ], + "actions": [ + { + "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1", + "actionType": "LogicApp", + "uri": "https://exampleTriggerUri1.com" + } + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation", + "name": "exampleAutomation", + "type": "Microsoft.Security/automations", + "location": "Central US", + "etag": "new etag value", + "tags": {}, + "properties": { + "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment", + "isEnabled": true, + "scopes": [ + { + "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5", + "scopePath": 
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup" + } + ], + "sources": [ + { + "eventSource": "Assessments", + "ruleSets": [] + } + ], + "actions": [ + { + "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1", + "actionType": "LogicApp" + } + ] + } + } + }, + "201": { + "body": { + "id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/SecurityAutomations/exampleAutomation", + "name": "exampleAutomation", + "type": "Microsoft.Security/SecurityAutomations", + "location": "Central US", + "etag": "new etag value", + "tags": {}, + "properties": { + "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment", + "isEnabled": true, + "scopes": [ + { + "description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5", + "scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup" + } + ], + "sources": [ + { + "eventSource": "Assessments", + "ruleSets": [] + } + ], + "actions": [ + { + "logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1", + "actionType": "LogicApp" + } + ] + } + } + } + } +} 
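Review bot: The `201` response body names a different resource type from the `200` body: its `id` ends in `providers/Microsoft.Security/SecurityAutomations/exampleAutomation` and its `type` is `Microsoft.Security/SecurityAutomations`, while the `200` body uses `Microsoft.Security/automations`. Both should read `"type": "Microsoft.Security/automations"` with the matching `id` path, otherwise the example documents two resource types for one PUT. The request's `"uri": "https://exampleTriggerUri1.com"` is not a domain reserved for documentation, and a copied example would post the automation's payload to whoever holds that name, so a reserved host such as `"uri": "https://example.com/trigger"` (constructed) is safer. The two subscription GUIDs look like live identifiers rather than placeholders; if they are, `00000000-0000-0000-0000-000000000000` keeps tenant identifiers out of the public spec.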
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomation_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json similarity index 87% rename from specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomation_example.json rename to specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json index f0fb970efdf8..d79b128f65df 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomation_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json @@ -9,7 +9,7 @@ "etag": "etag value (must be supplied for update)", "tags": {}, "properties": { - "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment", + "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment", "isEnabled": true, "scopes": [ { @@ -24,9 +24,9 @@ { "rules": [ { - "propertyJPath": "$.Entity.AssessmentType", + "propertyJPath": "properties.metadata.severity", "propertyType": "String", - "expectedValue": "customAssessment", + "expectedValue": "High", "operator": "Equals" } ] 
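Review bot: The new `"propertyJPath": "properties.metadata.severity"` in the `@@ -24,9 +24,9 @@` hunk drops the `$.` root that the replaced value `$.Entity.AssessmentType` carried, and nothing in the diff shows which form the service evaluates. If the path is treated as JSONPath and does not resolve, the rule would presumably never match and the automation would stay silent on high severity assessments, which is hard to notice from an example. Confirm the accepted syntax and, if a root is required, use `"propertyJPath": "$.properties.metadata.severity"`; the property description should also say whether `Equals` against `"High"` is case-sensitive. The same lines recur in the `@@ -69,9 +69,9 @@` and `@@ -112,9 +112,9 @@` hunks, and the enclosing rule set objects start and end outside all three hunks.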
@@ -54,7 +54,7 @@ "etag": "new etag value", "tags": {}, "properties": { - "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment", + "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment", "isEnabled": true, "scopes": [ { @@ -69,9 +69,9 @@ { "rules": [ { - "propertyJPath": "$.Entity.AssessmentType", + "propertyJPath": "properties.metadata.severity", "propertyType": "String", - "expectedValue": "customAssessment", + "expectedValue": "High", "operator": "Equals" } ] @@ -97,7 +97,7 @@ "etag": "new etag value", "tags": {}, "properties": { - "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment", + "description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment", "isEnabled": true, "scopes": [ { @@ -112,9 +112,9 @@ { "rules": [ { - "propertyJPath": "$.Entity.AssessmentType", + "propertyJPath": "properties.metadata.severity", "propertyType": "String", - "expectedValue": "customAssessment", + "expectedValue": "High", "operator": "Equals" } ] From 8dcfac374e9fdd3c62af54ee797f30767c5b0dff Mon Sep 17 00:00:00 2001 From: surashed <55134940+surashed@users.noreply.github.com> Date: Tue, 18 Aug 2020 09:31:37 +0300 Subject: [PATCH 02/12] Change Location isReadOnlu to false --- specification/security/resource-manager/common/v1/types.json | 1 - 1 file changed, 1 deletion(-) diff --git a/specification/security/resource-manager/common/v1/types.json b/specification/security/resource-manager/common/v1/types.json index fca7f0ceb5c6..8d9d30019734 100644 --- a/specification/security/resource-manager/common/v1/types.json +++ b/specification/security/resource-manager/common/v1/types.json 
@@ -116,7 +116,6 @@ "description": "Describes an Azure resource with location", "properties": { "location": { - "readOnly": true, "type": "string", "description": "Location where the resource is stored" } From 4bf2361193bfff6d44a4f51fd30838792b959c51 Mon Sep 17 00:00:00 2001 From: surashed <55134940+surashed@users.noreply.github.com> Date: Tue, 18 Aug 2020 09:57:06 +0300 Subject: [PATCH 03/12] Test --- .../2019-01-01-preview/automations.json | 2 +- .../resource-manager/common/v1/types.json | 32 +++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json index 1121d592edc7..56ee1aed6e20 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json @@ -328,7 +328,7 @@ }, "allOf": [ { - "$ref": "../../../common/v1/types.json#/definitions/TrackedResource" + "$ref": "../../../common/v1/types.json#/definitions/TrackedResource2" } ] }, diff --git a/specification/security/resource-manager/common/v1/types.json b/specification/security/resource-manager/common/v1/types.json index 8d9d30019734..f9bafafe60a0 100644 --- a/specification/security/resource-manager/common/v1/types.json +++ b/specification/security/resource-manager/common/v1/types.json @@ -77,6 +77,27 @@ "$ref": "#/definitions/Tags" } ] + }, + "TrackedResource2": { + "type": "object", + "description": "Describes an Azure tracked resource.", + "allOf": [ + { + "$ref": "#/definitions/Resource" + }, + { + "$ref": "#/definitions/Location2" + }, + { + "$ref": "#/definitions/Kind" + }, + { + "$ref": "#/definitions/ETag" + }, + { + "$ref": "#/definitions/Tags" + } + ] }, "ETag": { "type": "object", 
@@ -114,6 +135,17 @@ "Location": { "type": "object", "description": "Describes an Azure resource with location", + "properties": { + "location": { + "readOnly": true, + "type": "string", + "description": "Location where the resource is stored" + } + } + }, + "Location2": { + "type": "object", + "description": "Describes an Azure resource with location", "properties": { "location": { "type": "string", From b80ad9b2433f0e5cac43a30d35d8a84a23c41267 Mon Sep 17 00:00:00 2001 From: surashed <55134940+surashed@users.noreply.github.com> Date: Tue, 18 Aug 2020 11:59:25 +0300 Subject: [PATCH 04/12] Add new read/write location and add new type TrackedResourceLocation --- .../preview/2019-01-01-preview/automations.json | 2 +- .../security/resource-manager/common/v1/types.json | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json index 56ee1aed6e20..3f1112343ff0 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json @@ -328,7 +328,7 @@ }, "allOf": [ { - "$ref": "../../../common/v1/types.json#/definitions/TrackedResource2" + "$ref": "../../../common/v1/types.json#/definitions/TrackedResourceLocation" } ] }, diff --git a/specification/security/resource-manager/common/v1/types.json b/specification/security/resource-manager/common/v1/types.json index f9bafafe60a0..2110c5c41af7 100644 --- a/specification/security/resource-manager/common/v1/types.json +++ b/specification/security/resource-manager/common/v1/types.json @@ -78,7 +78,7 @@ } ] }, - "TrackedResource2": { + "TrackedResourceLocation": { "type": "object", "description": "Describes an Azure tracked resource.", "allOf": [ 
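Review bot: `Location2` in the `@@ -114,6 +135,17 @@` hunk is introduced with the same description as `Location`, `"Describes an Azure resource with location"`, so the only difference between the two definitions, the absence of `"readOnly": true`, is undocumented. Give the writable definition its own wording, e.g. `"description": "Describes an Azure resource whose location is supplied by the caller"`, and say on its `location` property whether the value is required on create and whether it may change on update. The later renames of this definition in patches 04, 08 and 09 carry the identical description forward, so the fix applies to the final name as well.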
@@ -86,7 +86,7 @@ "$ref": "#/definitions/Resource" }, { - "$ref": "#/definitions/Location2" + "$ref": "#/definitions/LocationReadAndWrite" }, { "$ref": "#/definitions/Kind" @@ -121,7 +121,7 @@ } } } - }, + },` "Kind": { "type": "object", "description": "Describes an Azure resource with kind", @@ -143,7 +143,7 @@ } } }, - "Location2": { + "LocationReadAndWrite": { "type": "object", "description": "Describes an Azure resource with location", "properties": { From 193945c65d537eb1ba2e08dfe93cbe23e1d03362 Mon Sep 17 00:00:00 2001 From: surashed <55134940+surashed@users.noreply.github.com> Date: Tue, 18 Aug 2020 16:46:08 +0300 Subject: [PATCH 05/12] Minor --- .../2019-01-01-preview/automations.json | 2 +- .../resource-manager/common/v1/types.json | 21 ------------------- 2 files changed, 1 insertion(+), 22 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json index 3f1112343ff0..1121d592edc7 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json @@ -328,7 +328,7 @@ }, "allOf": [ { - "$ref": "../../../common/v1/types.json#/definitions/TrackedResourceLocation" + "$ref": "../../../common/v1/types.json#/definitions/TrackedResource" } ] }, diff --git a/specification/security/resource-manager/common/v1/types.json b/specification/security/resource-manager/common/v1/types.json index 2110c5c41af7..50b5f97793a7 100644 --- a/specification/security/resource-manager/common/v1/types.json +++ b/specification/security/resource-manager/common/v1/types.json 
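Review bot: The `@@ -121,7 +121,7 @@` hunk appends a backtick character to the `},` line that closes the definition before `"Kind"`, which makes `types.json` invalid JSON at this commit. Patch 06 removes the character again, but patches 04 and 05 are left unparseable, so spec validation and bisecting fail on them. Fold the patch 06 fix into this commit so every commit in the series parses.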
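Review bot: Switching the `$ref` back to `TrackedResource` in the `@@ -328,7 +328,7 @@` hunk depends on the same commit redefining the shared `TrackedResource` in `common/v1/types.json`, which widens the change beyond automations. The `types.json` hunk deletes the original `TrackedResource` body and lets that name take over the `allOf` that referenced `LocationReadAndWrite`, so every spec that references the common `TrackedResource` appears to get a writable `location`, under the subject "Minor". If only automations needs a settable location, keep the dedicated type and reference it here with `"$ref": "../../../common/v1/types.json#/definitions/TrackedResourceLocation"`; otherwise the commit message should state the wider impact. The `allOf` list is cut by the hunk boundary, so the `LocationReadAndWrite` reference is read from patches 04 and 08 rather than from this hunk.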
@@ -60,27 +60,6 @@ "TrackedResource": { "type": "object", "description": "Describes an Azure tracked resource.", - "allOf": [ - { - "$ref": "#/definitions/Resource" - }, - { - "$ref": "#/definitions/Location" - }, - { - "$ref": "#/definitions/Kind" - }, - { - "$ref": "#/definitions/ETag" - }, - { - "$ref": "#/definitions/Tags" - } - ] - }, - "TrackedResourceLocation": { - "type": "object", - "description": "Describes an Azure tracked resource.", "allOf": [ { "$ref": "#/definitions/Resource" From f4819451684dcfd5784bb841eab64a1bc7ab3fa1 Mon Sep 17 00:00:00 2001 From: surashed <55134940+surashed@users.noreply.github.com> Date: Tue, 18 Aug 2020 17:05:09 +0300 Subject: [PATCH 06/12] minor --- specification/security/resource-manager/common/v1/types.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specification/security/resource-manager/common/v1/types.json b/specification/security/resource-manager/common/v1/types.json index 50b5f97793a7..34e3d804c2b0 100644 --- a/specification/security/resource-manager/common/v1/types.json +++ b/specification/security/resource-manager/common/v1/types.json @@ -100,7 +100,7 @@ } } } - },` + }, "Kind": { "type": "object", "description": "Describes an Azure resource with kind", From 49286fe3dd4bb1eaf7ed7a54b65fecf6f7f89109 Mon Sep 17 00:00:00 2001 From: surashed <55134940+surashed@users.noreply.github.com> Date: Tue, 18 Aug 2020 17:33:42 +0300 Subject: [PATCH 07/12] prettier fixes --- specification/security/resource-manager/common/v1/types.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specification/security/resource-manager/common/v1/types.json b/specification/security/resource-manager/common/v1/types.json index 34e3d804c2b0..01e10c2bec1e 100644 --- a/specification/security/resource-manager/common/v1/types.json +++ b/specification/security/resource-manager/common/v1/types.json 
@@ -116,13 +116,13 @@ "description": "Describes an Azure resource with location", "properties": { "location": { - "readOnly": true, + "readOnly": true, "type": "string", "description": "Location where the resource is stored" } } }, - "LocationReadAndWrite": { + "LocationReadAndWrite": { "type": "object", "description": "Describes an Azure resource with location", "properties": { From e58a0d78cad8d423cd73efc74a9ef6b643b09ca9 Mon Sep 17 00:00:00 2001 From: surashed <55134940+surashed@users.noreply.github.com> Date: Wed, 19 Aug 2020 09:16:07 +0300 Subject: [PATCH 08/12] Change variable name to TrackedResourceLocation --- specification/security/resource-manager/common/v1/types.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specification/security/resource-manager/common/v1/types.json b/specification/security/resource-manager/common/v1/types.json index 01e10c2bec1e..d97b4a30c1ec 100644 --- a/specification/security/resource-manager/common/v1/types.json +++ b/specification/security/resource-manager/common/v1/types.json @@ -65,7 +65,7 @@ "$ref": "#/definitions/Resource" }, { - "$ref": "#/definitions/LocationReadAndWrite" + "$ref": "#/definitions/TrackedResourceLocation" }, { "$ref": "#/definitions/Kind" @@ -122,7 +122,7 @@ } } }, - "LocationReadAndWrite": { + "TrackedResourceLocation": { "type": "object", "description": "Describes an Azure resource with location", "properties": { From a4cf2984417044e5c52ff0746d2fe0b5c2d6ea7f Mon Sep 17 00:00:00 2001 From: surashed <55134940+surashed@users.noreply.github.com> Date: Thu, 27 Aug 2020 12:44:34 +0300 Subject: [PATCH 09/12] Change type name TrackedResourceLocation to AzureTrackedResourceLocation --- specification/security/resource-manager/common/v1/types.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specification/security/resource-manager/common/v1/types.json b/specification/security/resource-manager/common/v1/types.json index d97b4a30c1ec..bfb922e1a2f0 100644 
--- a/specification/security/resource-manager/common/v1/types.json +++ b/specification/security/resource-manager/common/v1/types.json @@ -65,7 +65,7 @@ "$ref": "#/definitions/Resource" }, { - "$ref": "#/definitions/TrackedResourceLocation" + "$ref": "#/definitions/AzureTrackedResourceLocation" }, { "$ref": "#/definitions/Kind" @@ -122,7 +122,7 @@ } } }, - "TrackedResourceLocation": { + "AzureTrackedResourceLocation": { "type": "object", "description": "Describes an Azure resource with location", "properties": { From a310d977fb415e149ad61a8a3054ff0c5a8d78f0 Mon Sep 17 00:00:00 2001 From: surashed <55134940+surashed@users.noreply.github.com> Date: Thu, 27 Aug 2020 15:47:48 +0300 Subject: [PATCH 10/12] Update automations example --- .../Automations/PutAutomationAllAssessments_example.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json index 9442b2725e30..59b97b381e18 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json @@ -19,8 +19,7 @@ ], "sources": [ { - "eventSource": "Assessments", - "ruleSets": [] + "eventSource": "Assessments" } ], "actions": [ From 1022679559dba4a23c33af8e01f5fb8c14179867 Mon Sep 17 00:00:00 2001 
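Review bot: Only the request's source loses `"ruleSets": []` in this hunk; the `200` and `201` response bodies of the same example file, as added in patch 01, still return `"ruleSets": []`. The example's own description says the automation triggers on any security assessment, so the spec should state whether an omitted key and an empty array both mean no filtering, and which form the service echoes back. If the service omits the key, drop `"ruleSets": []` from both response bodies as well so the request and responses agree.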
From: surashed <55134940+surashed@users.noreply.github.com> Date: Sun, 8 Nov 2020 16:25:11 +0200 Subject: [PATCH 11/12] Add SecureScores & SecureScoreControls as new supported datatypes in Automations resource --- .../preview/2019-01-01-preview/automations.json | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json index 1121d592edc7..af9b13b601ea 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json @@ -377,7 +377,9 @@ "enum": [ "Assessments", "SubAssessments", - "Alerts" + "Alerts", + "SecureScores", + "SecureScoreControls" ], "x-ms-enum": { "name": "EventSource", @@ -391,6 +393,12 @@ }, { "value": "Alerts" + }, + { + "value": "SecureScores" + }, + { + "value": "SecureScoreControls" } ] } From 69a6f731b17144e9f2b9c38017cc1f68f108ff09 Mon Sep 17 00:00:00 2001 From: surashed <55134940+surashed@users.noreply.github.com> Date: Mon, 21 Dec 2020 07:08:43 +0200 Subject: [PATCH 12/12] [ASC.Automations] add new data type RegulatoryComplianceAssessment --- .../preview/2019-01-01-preview/automations.json | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json index af9b13b601ea..37edd5ed07f1 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/automations.json 
@@ -379,7 +379,8 @@ "SubAssessments", "Alerts", "SecureScores", - "SecureScoreControls" + "SecureScoreControls", + "RegulatoryComplianceAssessment" ], "x-ms-enum": { "name": "EventSource", @@ -399,6 +400,9 @@ }, { "value": "SecureScoreControls" + }, + { + "value": "RegulatoryComplianceAssessment" } ] }
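Review bot: `RegulatoryComplianceAssessment` is the only singular value in an enum whose other members are plural (`Assessments`, `SubAssessments`, `Alerts`, `SecureScores`, `SecureScoreControls`), in both the `enum` list and the `x-ms-enum` `values` list. Enum strings are part of the wire contract, so confirm this is the exact string the service accepts before it is published; if the plural was intended, use `"RegulatoryComplianceAssessments"` in both places. The entry also has no `description` and no example, so a reader cannot tell which compliance events it covers.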