Creates or updates a security automation. If a security automation is already created and a subsequent request is issued for the same automation ID, it is updated.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/automations/{automationName}?api-version=2019-01-01-preview
URI Parameters

| Name | In | Required | Type | Description |
| --- | --- | --- | --- | --- |
| automationName | path | True | string | The security automation name. |
| resourceGroupName | path | True | string | The name of the resource group within the user's subscription. The name is case-sensitive. Regex pattern: `^[-\w\._\(\)]+$` |
| subscriptionId | path | True | string | Azure subscription ID. Regex pattern: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$` |
| api-version | query | True | string | API version for the operation. |
Request Body

| Name | Type | Description |
| --- | --- | --- |
| etag | string | Entity tag, used for comparing two or more entities from the same requested resource. |
| kind | string | Kind of the resource. |
| location | string | Location where the resource is stored. |
| properties.actions | AutomationAction[] | A collection of the actions that are triggered if all the configured rule evaluations within at least one rule set are true. |
| properties.description | string | The security automation description. |
| properties.isEnabled | boolean | Indicates whether the security automation is enabled. |
| properties.scopes | AutomationScope[] | A collection of scopes on which the security automation logic is applied. Supported scopes are the subscription itself or a resource group under that subscription. The automation only applies on defined scopes. |
| properties.sources | AutomationSource[] | A collection of the source event types that evaluate the security automation's set of rules. |
| tags | object | A list of key-value pairs that describe the resource. |
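The scope and rule-set semantics described in the table can be checked offline before a body is sent. The following is an added example, not Microsoft's code and not part of the original page: it reviews a request body against the documented patterns and scope rule, flags an action that targets a Logic App outside the automation's own subscription, and evaluates which events would fire the actions. The function names, the shape of the sample events, exact-match handling of `Equals`, and plain dotted-path handling of `propertyJPath` are assumptions.

```javascript
// Added example, not Microsoft's code: offline review of an automation body.
const SUBSCRIPTION_RE = /^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$/; // pattern from the page
const RESOURCE_GROUP_RE = /^[-\w\._\(\)]+$/; // pattern from the page

// Subscription GUID of an ARM resource ID, lower-cased; null if absent.
function subscriptionOf(resourceId) {
  const m = /^\/subscriptions\/([^/]+)/.exec(resourceId || "");
  return m ? m[1].toLowerCase() : null;
}

// Assumption: propertyJPath is a plain dotted path, as in the page's sample.
function resolvePath(obj, path) {
  return path.split(".").reduce((cur, key) => (cur == null ? undefined : cur[key]), obj);
}

function ruleHolds(rule, event) {
  if (rule.operator !== "Equals") {
    throw new Error(`operator not handled in this example: ${rule.operator}`);
  }
  const actual = resolvePath(event, rule.propertyJPath);
  // Assumption: Equals on a String property is an exact comparison.
  return actual !== undefined && String(actual) === String(rule.expectedValue);
}

// Actions fire when ALL rules of AT LEAST ONE rule set are true. A source
// without rule sets matches every event of its type ("all assessments" sample).
function sourceMatches(source, eventSource, event) {
  if (source.eventSource !== eventSource) return false;
  const ruleSets = source.ruleSets || [];
  if (ruleSets.length === 0) return true;
  // Assumption: a rule set with no rules is vacuously true (flagged in review).
  return ruleSets.some((set) => (set.rules || []).every((rule) => ruleHolds(rule, event)));
}

// Assumption: an event is in scope when its resource ID equals a scopePath
// or sits below it.
function inScope(scopes, resourceId) {
  return scopes.some((s) => resourceId === s.scopePath || resourceId.startsWith(s.scopePath + "/"));
}

function willTrigger(automation, eventSource, event) {
  const p = automation.properties;
  return p.isEnabled === true && inScope(p.scopes, event.id) &&
    p.sources.some((s) => sourceMatches(s, eventSource, event));
}

// Returns a list of findings; an empty list means nothing was flagged.
function reviewAutomation(subscriptionId, resourceGroupName, automation) {
  const findings = [];
  if (!SUBSCRIPTION_RE.test(subscriptionId)) findings.push("subscriptionId fails the documented pattern");
  if (!RESOURCE_GROUP_RE.test(resourceGroupName)) findings.push("resourceGroupName fails the documented pattern");
  const sub = subscriptionId.toLowerCase();
  const p = automation.properties;
  for (const scope of p.scopes || []) {
    // Supported scopes: the subscription itself or a resource group under it.
    const m = /^\/subscriptions\/([^/]+)(\/resourceGroups\/[^/]+)?$/.exec(scope.scopePath || "");
    if (!m || m[1].toLowerCase() !== sub) findings.push(`unsupported scope: ${scope.scopePath}`);
  }
  for (const source of p.sources || []) {
    for (const set of source.ruleSets || []) {
      if ((set.rules || []).length === 0) findings.push("rule set with no rules");
    }
  }
  for (const action of p.actions || []) {
    const target = subscriptionOf(action.logicAppResourceId);
    if (action.actionType === "LogicApp" && target !== sub) {
      findings.push(`action targets a Logic App in another subscription: ${target}`);
    }
    if (action.uri && !/^https:\/\//i.test(action.uri)) findings.push("trigger uri is not https");
  }
  return findings;
}

// Constructed input: the page's high-severity sample with descriptions omitted.
const SUB = "a5caac9c-5c04-49af-b3d0-e204f40345d5";
const highSeverityAutomation = {
  location: "Central US",
  properties: {
    isEnabled: true,
    scopes: [{ scopePath: `/subscriptions/${SUB}/resourceGroups/myResourceGroup` }],
    sources: [{
      eventSource: "Assessments",
      ruleSets: [{ rules: [{ propertyJPath: "properties.metadata.severity",
        propertyType: "String", expectedValue: "High", operator: "Equals" }] }],
    }],
    actions: [{
      actionType: "LogicApp",
      logicAppResourceId: "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
      uri: "https://exampleTriggerUri1.com",
    }],
  },
};

// Constructed assessment event; the shape is assumed and carries only the fields used here.
function sampleEvent(resourceGroup, severity) {
  return {
    id: `/subscriptions/${SUB}/resourceGroups/${resourceGroup}/providers/Microsoft.Security/assessments/constructed-assessment`,
    properties: { metadata: { severity } },
  };
}

console.log(reviewAutomation(SUB, "exampleResourceGroup", highSeverityAutomation));
console.log(willTrigger(highSeverityAutomation, "Assessments", sampleEvent("myResourceGroup", "High")));
```

Run against the page's own sample, the review reports one finding: the Logic App lives in subscription `e54a4a18-…`, not in the subscription that owns the automation.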
Responses

| Name | Type | Description |
| --- | --- | --- |
| 200 OK | Automation | OK |
| 201 Created | Automation | Created |
| Other Status Codes | CloudError | Error response describing why the operation failed. |
Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

| Name | Description |
| --- | --- |
| user_impersonation | impersonate your user account |

Examples
Create or update a security automation for all assessments (including all severities)
Sample Request
PUT https://management.azure.com/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation?api-version=2019-01-01-preview
{
"location": "Central US",
"etag": "etag value (must be supplied for update)",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
"isEnabled": true,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments"
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp",
"uri": "https://exampleTriggerUri1.com"
}
]
}
}
import com.azure.resourcemanager.security.models.AutomationActionLogicApp;
import com.azure.resourcemanager.security.models.AutomationScope;
import com.azure.resourcemanager.security.models.AutomationSource;
import com.azure.resourcemanager.security.models.EventSource;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/** Samples for Automations CreateOrUpdate. */
public final class Main {
/*
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json
*/
/**
* Sample code: Create or update a security automation for all assessments (including all severities).
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateASecurityAutomationForAllAssessmentsIncludingAllSeverities(
com.azure.resourcemanager.security.SecurityManager manager) {
manager
.automations()
.define("exampleAutomation")
.withRegion("Central US")
.withExistingResourceGroup("exampleResourceGroup")
.withTags(mapOf())
.withDescription(
"An example of a security automation that triggers one LogicApp resource (myTest1) on any security"
+ " assessment")
.withIsEnabled(true)
.withScopes(
Arrays
.asList(
new AutomationScope()
.withDescription(
"A description that helps to identify this scope - for example: security assessments"
+ " that relate to the resource group myResourceGroup within the subscription"
+ " a5caac9c-5c04-49af-b3d0-e204f40345d5")
.withScopePath(
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup")))
.withSources(Arrays.asList(new AutomationSource().withEventSource(EventSource.ASSESSMENTS)))
.withActions(
Arrays
.asList(
new AutomationActionLogicApp()
.withLogicAppResourceId(
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1")
.withUri("https://exampleTriggerUri1.com")))
.create();
}
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e716082ac474f182e2220e4f38f1d6191e7636cf/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json
func ExampleAutomationsClient_CreateOrUpdate_createOrUpdateASecurityAutomationForAllAssessmentsIncludingAllSeverities() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAutomationsClient().CreateOrUpdate(ctx, "exampleResourceGroup", "exampleAutomation", armsecurity.Automation{
Location: to.Ptr("Central US"),
Etag: to.Ptr("etag value (must be supplied for update)"),
Tags: map[string]*string{},
Properties: &armsecurity.AutomationProperties{
Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment"),
Actions: []armsecurity.AutomationActionClassification{
&armsecurity.AutomationActionLogicApp{
ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
URI: to.Ptr("https://exampleTriggerUri1.com"),
}},
IsEnabled: to.Ptr(true),
Scopes: []*armsecurity.AutomationScope{
{
Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
}},
Sources: []*armsecurity.AutomationSource{
{
EventSource: to.Ptr(armsecurity.EventSourceAssessments),
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier just for demo purposes.
_ = res
// If the HTTP response code is 200 as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake values, for demo purposes only.
// res.Automation = armsecurity.Automation{
// Location: to.Ptr("Central US"),
// Etag: to.Ptr("new etag value"),
// Name: to.Ptr("exampleAutomation"),
// Type: to.Ptr("Microsoft.Security/automations"),
// ID: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation"),
// Tags: map[string]*string{
// },
// Properties: &armsecurity.AutomationProperties{
// Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment"),
// Actions: []armsecurity.AutomationActionClassification{
// &armsecurity.AutomationActionLogicApp{
// ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
// LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
// }},
// IsEnabled: to.Ptr(true),
// Scopes: []*armsecurity.AutomationScope{
// {
// Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
// ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
// }},
// Sources: []*armsecurity.AutomationSource{
// {
// EventSource: to.Ptr(armsecurity.EventSourceAssessments),
// RuleSets: []*armsecurity.AutomationRuleSet{
// },
// }},
// },
// }
}
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
*
* @summary Creates or updates a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json
*/
async function createOrUpdateASecurityAutomationForAllAssessmentsIncludingAllSeverities() {
const subscriptionId =
process.env["SECURITY_SUBSCRIPTION_ID"] || "a5caac9c-5c04-49af-b3d0-e204f40345d5";
const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "exampleResourceGroup";
const automationName = "exampleAutomation";
const automation = {
description:
"An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
actions: [
{
actionType: "LogicApp",
logicAppResourceId:
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
uri: "https://exampleTriggerUri1.com",
},
],
etag: "etag value (must be supplied for update)",
isEnabled: true,
location: "Central US",
scopes: [
{
description:
"A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
scopePath:
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
},
],
sources: [{ eventSource: "Assessments" }],
tags: {},
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential, subscriptionId);
const result = await client.automations.createOrUpdate(
resourceGroupName,
automationName,
automation
);
console.log(result);
}
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json
// This example only shows how to use the "Automations_CreateOrUpdate" operation; dependent resources must be created separately.
// Get your Azure access token. For details on how the Azure SDK obtains your access token, see https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// This example assumes the SecurityAutomationResource has already been created in Azure.
// For more information on creating a SecurityAutomationResource, see the SecurityAutomationResource documentation.
string subscriptionId = "a5caac9c-5c04-49af-b3d0-e204f40345d5";
string resourceGroupName = "exampleResourceGroup";
string automationName = "exampleAutomation";
ResourceIdentifier securityAutomationResourceId = SecurityAutomationResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, automationName);
SecurityAutomationResource securityAutomation = client.GetSecurityAutomationResource(securityAutomationResourceId);
// invoke the operation
SecurityAutomationData data = new SecurityAutomationData(new AzureLocation("Central US"))
{
Description = "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
IsEnabled = true,
Scopes =
{
new SecurityAutomationScope()
{
Description = "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
ScopePath = "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
}
},
Sources =
{
new SecurityAutomationSource()
{
EventSource = SecurityEventSource.Assessments,
}
},
Actions =
{
new SecurityAutomationActionLogicApp()
{
LogicAppResourceId = new ResourceIdentifier("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
Uri = new Uri("https://exampleTriggerUri1.com"),
}
},
ETag = new ETag("etag value (must be supplied for update)"),
Tags =
{
},
};
ArmOperation<SecurityAutomationResource> lro = await securityAutomation.UpdateAsync(WaitUntil.Completed, data);
SecurityAutomationResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityAutomationData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
Sample Response
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/automations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
"isEnabled": true,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": []
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/SecurityAutomations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/SecurityAutomations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
"isEnabled": true,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": []
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
Create or update a security automation for all high severity assessments
Sample Request
PUT https://management.azure.com/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation?api-version=2019-01-01-preview
{
"location": "Central US",
"etag": "etag value (must be supplied for update)",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
"isEnabled": true,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "properties.metadata.severity",
"propertyType": "String",
"expectedValue": "High",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp",
"uri": "https://exampleTriggerUri1.com"
}
]
}
}
import com.azure.resourcemanager.security.models.AutomationActionLogicApp;
import com.azure.resourcemanager.security.models.AutomationRuleSet;
import com.azure.resourcemanager.security.models.AutomationScope;
import com.azure.resourcemanager.security.models.AutomationSource;
import com.azure.resourcemanager.security.models.AutomationTriggeringRule;
import com.azure.resourcemanager.security.models.EventSource;
import com.azure.resourcemanager.security.models.Operator;
import com.azure.resourcemanager.security.models.PropertyType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/** Samples for Automations CreateOrUpdate. */
public final class Main {
/*
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json
*/
/**
* Sample code: Create or update a security automation for all high severity assessments.
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateASecurityAutomationForAllHighSeverityAssessments(
com.azure.resourcemanager.security.SecurityManager manager) {
manager
.automations()
.define("exampleAutomation")
.withRegion("Central US")
.withExistingResourceGroup("exampleResourceGroup")
.withTags(mapOf())
.withDescription(
"An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity"
+ " security assessment")
.withIsEnabled(true)
.withScopes(
Arrays
.asList(
new AutomationScope()
.withDescription(
"A description that helps to identify this scope - for example: security assessments"
+ " that relate to the resource group myResourceGroup within the subscription"
+ " a5caac9c-5c04-49af-b3d0-e204f40345d5")
.withScopePath(
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup")))
.withSources(
Arrays
.asList(
new AutomationSource()
.withEventSource(EventSource.ASSESSMENTS)
.withRuleSets(
Arrays
.asList(
new AutomationRuleSet()
.withRules(
Arrays
.asList(
new AutomationTriggeringRule()
.withPropertyJPath("properties.metadata.severity")
.withPropertyType(PropertyType.STRING)
.withExpectedValue("High")
.withOperator(Operator.EQUALS)))))))
.withActions(
Arrays
.asList(
new AutomationActionLogicApp()
.withLogicAppResourceId(
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1")
.withUri("https://exampleTriggerUri1.com")))
.create();
}
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e716082ac474f182e2220e4f38f1d6191e7636cf/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json
func ExampleAutomationsClient_CreateOrUpdate_createOrUpdateASecurityAutomationForAllHighSeverityAssessments() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAutomationsClient().CreateOrUpdate(ctx, "exampleResourceGroup", "exampleAutomation", armsecurity.Automation{
Location: to.Ptr("Central US"),
Etag: to.Ptr("etag value (must be supplied for update)"),
Tags: map[string]*string{},
Properties: &armsecurity.AutomationProperties{
Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment"),
Actions: []armsecurity.AutomationActionClassification{
&armsecurity.AutomationActionLogicApp{
ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
URI: to.Ptr("https://exampleTriggerUri1.com"),
}},
IsEnabled: to.Ptr(true),
Scopes: []*armsecurity.AutomationScope{
{
Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
}},
Sources: []*armsecurity.AutomationSource{
{
EventSource: to.Ptr(armsecurity.EventSourceAssessments),
RuleSets: []*armsecurity.AutomationRuleSet{
{
Rules: []*armsecurity.AutomationTriggeringRule{
{
ExpectedValue: to.Ptr("High"),
Operator: to.Ptr(armsecurity.OperatorEquals),
PropertyJPath: to.Ptr("properties.metadata.severity"),
PropertyType: to.Ptr(armsecurity.PropertyTypeString),
}},
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use the response here. We use the blank identifier just for demo purposes.
_ = res
// If the HTTP response code is 200 as defined in the example definition, your response structure would look as follows. Note that all the values in the output are fake values, for demo purposes only.
// res.Automation = armsecurity.Automation{
// Location: to.Ptr("Central US"),
// Etag: to.Ptr("new etag value"),
// Name: to.Ptr("exampleAutomation"),
// Type: to.Ptr("Microsoft.Security/automations"),
// ID: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation"),
// Tags: map[string]*string{
// },
// Properties: &armsecurity.AutomationProperties{
// Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment"),
// Actions: []armsecurity.AutomationActionClassification{
// &armsecurity.AutomationActionLogicApp{
// ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
// LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
// }},
// IsEnabled: to.Ptr(true),
// Scopes: []*armsecurity.AutomationScope{
// {
// Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
// ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
// }},
// Sources: []*armsecurity.AutomationSource{
// {
// EventSource: to.Ptr(armsecurity.EventSourceAssessments),
// RuleSets: []*armsecurity.AutomationRuleSet{
// {
// Rules: []*armsecurity.AutomationTriggeringRule{
// {
// ExpectedValue: to.Ptr("High"),
// Operator: to.Ptr(armsecurity.OperatorEquals),
// PropertyJPath: to.Ptr("properties.metadata.severity"),
// PropertyType: to.Ptr(armsecurity.PropertyTypeString),
// }},
// }},
// }},
// },
// }
}
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
*
* @summary Creates or updates a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json
*/
async function createOrUpdateASecurityAutomationForAllHighSeverityAssessments() {
const subscriptionId =
process.env["SECURITY_SUBSCRIPTION_ID"] || "a5caac9c-5c04-49af-b3d0-e204f40345d5";
const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "exampleResourceGroup";
const automationName = "exampleAutomation";
const automation = {
description:
"An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
actions: [
{
actionType: "LogicApp",
logicAppResourceId:
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
uri: "https://exampleTriggerUri1.com",
},
],
etag: "etag value (must be supplied for update)",
isEnabled: true,
location: "Central US",
scopes: [
{
description:
"A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
scopePath:
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
},
],
sources: [
{
eventSource: "Assessments",
ruleSets: [
{
rules: [
{
expectedValue: "High",
operator: "Equals",
propertyJPath: "properties.metadata.severity",
propertyType: "String",
},
],
},
],
},
],
tags: {},
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential, subscriptionId);
const result = await client.automations.createOrUpdate(
resourceGroupName,
automationName,
automation
);
console.log(result);
}
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json
// This example only shows how to use the "Automations_CreateOrUpdate" operation; dependent resources must be created separately.
// Get your Azure access token. For details on how the Azure SDK obtains your access token, see https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// This example assumes the SecurityAutomationResource has already been created in Azure.
// For more information on creating a SecurityAutomationResource, see the SecurityAutomationResource documentation.
string subscriptionId = "a5caac9c-5c04-49af-b3d0-e204f40345d5";
string resourceGroupName = "exampleResourceGroup";
string automationName = "exampleAutomation";
ResourceIdentifier securityAutomationResourceId = SecurityAutomationResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, automationName);
SecurityAutomationResource securityAutomation = client.GetSecurityAutomationResource(securityAutomationResourceId);
// invoke the operation
SecurityAutomationData data = new SecurityAutomationData(new AzureLocation("Central US"))
{
Description = "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
IsEnabled = true,
Scopes =
{
new SecurityAutomationScope()
{
Description = "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
ScopePath = "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
}
},
Sources =
{
new SecurityAutomationSource()
{
EventSource = SecurityEventSource.Assessments,
RuleSets =
{
new SecurityAutomationRuleSet()
{
Rules =
{
new SecurityAutomationTriggeringRule()
{
PropertyJPath = "properties.metadata.severity",
PropertyType = AutomationTriggeringRulePropertyType.String,
ExpectedValue = "High",
Operator = AutomationTriggeringRuleOperator.EqualsValue,
}
},
}
},
}
},
Actions =
{
new SecurityAutomationActionLogicApp()
{
LogicAppResourceId = new ResourceIdentifier("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
Uri = new Uri("https://exampleTriggerUri1.com"),
}
},
ETag = new ETag("etag value (must be supplied for update)"),
Tags =
{
},
};
ArmOperation<SecurityAutomationResource> lro = await securityAutomation.UpdateAsync(WaitUntil.Completed, data);
SecurityAutomationResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityAutomationData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
Sample Response
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/automations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
"isEnabled": true,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "properties.metadata.severity",
"propertyType": "String",
"expectedValue": "High",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/SecurityAutomations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/SecurityAutomations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
"isEnabled": true,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "properties.metadata.severity",
"propertyType": "String",
"expectedValue": "High",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
Disable or enable a security automation
Sample Request
PUT https://management.azure.com/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation?api-version=2019-01-01-preview
{
"location": "Central US",
"etag": "etag value (must be supplied for update)",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
"isEnabled": false,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "$.Entity.AssessmentType",
"propertyType": "String",
"expectedValue": "customAssessment",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp",
"uri": "https://exampleTriggerUri1.com"
}
]
}
}
import com.azure.resourcemanager.security.models.AutomationActionLogicApp;
import com.azure.resourcemanager.security.models.AutomationRuleSet;
import com.azure.resourcemanager.security.models.AutomationScope;
import com.azure.resourcemanager.security.models.AutomationSource;
import com.azure.resourcemanager.security.models.AutomationTriggeringRule;
import com.azure.resourcemanager.security.models.EventSource;
import com.azure.resourcemanager.security.models.Operator;
import com.azure.resourcemanager.security.models.PropertyType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/** Samples for Automations CreateOrUpdate. */
public final class Main {
/*
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutDisableAutomation_example.json
*/
/**
* Sample code: Disable or enable a security automation.
*
* @param manager Entry point to SecurityManager.
*/
public static void disableOrEnableASecurityAutomation(com.azure.resourcemanager.security.SecurityManager manager) {
manager
.automations()
.define("exampleAutomation")
.withRegion("Central US")
.withExistingResourceGroup("exampleResourceGroup")
.withTags(mapOf())
.withDescription(
"An example of a security automation that triggers one LogicApp resource (myTest1) on any security"
+ " assessment of type customAssessment")
.withIsEnabled(false)
.withScopes(
Arrays
.asList(
new AutomationScope()
.withDescription(
"A description that helps to identify this scope - for example: security assessments"
+ " that relate to the resource group myResourceGroup within the subscription"
+ " a5caac9c-5c04-49af-b3d0-e204f40345d5")
.withScopePath(
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup")))
.withSources(
Arrays
.asList(
new AutomationSource()
.withEventSource(EventSource.ASSESSMENTS)
.withRuleSets(
Arrays
.asList(
new AutomationRuleSet()
.withRules(
Arrays
.asList(
new AutomationTriggeringRule()
.withPropertyJPath("$.Entity.AssessmentType")
.withPropertyType(PropertyType.STRING)
.withExpectedValue("customAssessment")
.withOperator(Operator.EQUALS)))))))
.withActions(
Arrays
.asList(
new AutomationActionLogicApp()
.withLogicAppResourceId(
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1")
.withUri("https://exampleTriggerUri1.com")))
.create();
}
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e716082ac474f182e2220e4f38f1d6191e7636cf/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutDisableAutomation_example.json
func ExampleAutomationsClient_CreateOrUpdate_disableOrEnableASecurityAutomation() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAutomationsClient().CreateOrUpdate(ctx, "exampleResourceGroup", "exampleAutomation", armsecurity.Automation{
Location: to.Ptr("Central US"),
Etag: to.Ptr("etag value (must be supplied for update)"),
Tags: map[string]*string{},
Properties: &armsecurity.AutomationProperties{
Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment"),
Actions: []armsecurity.AutomationActionClassification{
&armsecurity.AutomationActionLogicApp{
ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
URI: to.Ptr("https://exampleTriggerUri1.com"),
}},
IsEnabled: to.Ptr(false),
Scopes: []*armsecurity.AutomationScope{
{
Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
}},
Sources: []*armsecurity.AutomationSource{
{
EventSource: to.Ptr(armsecurity.EventSourceAssessments),
RuleSets: []*armsecurity.AutomationRuleSet{
{
Rules: []*armsecurity.AutomationTriggeringRule{
{
ExpectedValue: to.Ptr("customAssessment"),
Operator: to.Ptr(armsecurity.OperatorEquals),
PropertyJPath: to.Ptr("$.Entity.AssessmentType"),
PropertyType: to.Ptr(armsecurity.PropertyTypeString),
}},
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Automation = armsecurity.Automation{
// Location: to.Ptr("Central US"),
// Etag: to.Ptr("new etag value"),
// Name: to.Ptr("exampleAutomation"),
// Type: to.Ptr("Microsoft.Security/automations"),
// ID: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation"),
// Tags: map[string]*string{
// },
// Properties: &armsecurity.AutomationProperties{
// Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment"),
// Actions: []armsecurity.AutomationActionClassification{
// &armsecurity.AutomationActionLogicApp{
// ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
// LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
// }},
// IsEnabled: to.Ptr(false),
// Scopes: []*armsecurity.AutomationScope{
// {
// Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
// ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
// }},
// Sources: []*armsecurity.AutomationSource{
// {
// EventSource: to.Ptr(armsecurity.EventSourceAssessments),
// RuleSets: []*armsecurity.AutomationRuleSet{
// {
// Rules: []*armsecurity.AutomationTriggeringRule{
// {
// ExpectedValue: to.Ptr("customAssessment"),
// Operator: to.Ptr(armsecurity.OperatorEquals),
// PropertyJPath: to.Ptr("$.Entity.AssessmentType"),
// PropertyType: to.Ptr(armsecurity.PropertyTypeString),
// }},
// }},
// }},
// },
// }
}
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
*
* @summary Creates or updates a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutDisableAutomation_example.json
*/
async function disableOrEnableASecurityAutomation() {
const subscriptionId =
process.env["SECURITY_SUBSCRIPTION_ID"] || "a5caac9c-5c04-49af-b3d0-e204f40345d5";
const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "exampleResourceGroup";
const automationName = "exampleAutomation";
const automation = {
description:
"An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
actions: [
{
actionType: "LogicApp",
logicAppResourceId:
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
uri: "https://exampleTriggerUri1.com",
},
],
etag: "etag value (must be supplied for update)",
isEnabled: false,
location: "Central US",
scopes: [
{
description:
"A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
scopePath:
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
},
],
sources: [
{
eventSource: "Assessments",
ruleSets: [
{
rules: [
{
expectedValue: "customAssessment",
operator: "Equals",
propertyJPath: "$.Entity.AssessmentType",
propertyType: "String",
},
],
},
],
},
],
tags: {},
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential, subscriptionId);
const result = await client.automations.createOrUpdate(
resourceGroupName,
automationName,
automation
);
console.log(result);
}
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutDisableAutomation_example.json
// this example only shows the usage of the "Automations_CreateOrUpdate" operation; the dependent resources have to be created separately.
// get your Azure access token; for details on how the Azure SDK obtains your access token, refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes the SecurityAutomationResource already exists in Azure
// for more information on creating a SecurityAutomationResource, refer to the SecurityAutomationResource documentation
string subscriptionId = "a5caac9c-5c04-49af-b3d0-e204f40345d5";
string resourceGroupName = "exampleResourceGroup";
string automationName = "exampleAutomation";
ResourceIdentifier securityAutomationResourceId = SecurityAutomationResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, automationName);
SecurityAutomationResource securityAutomation = client.GetSecurityAutomationResource(securityAutomationResourceId);
// invoke the operation
SecurityAutomationData data = new SecurityAutomationData(new AzureLocation("Central US"))
{
Description = "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
IsEnabled = false,
Scopes =
{
new SecurityAutomationScope()
{
Description = "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
ScopePath = "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
}
},
Sources =
{
new SecurityAutomationSource()
{
EventSource = SecurityEventSource.Assessments,
RuleSets =
{
new SecurityAutomationRuleSet()
{
Rules =
{
new SecurityAutomationTriggeringRule()
{
PropertyJPath = "$.Entity.AssessmentType",
PropertyType = AutomationTriggeringRulePropertyType.String,
ExpectedValue = "customAssessment",
Operator = AutomationTriggeringRuleOperator.EqualsValue,
}
},
}
},
}
},
Actions =
{
new SecurityAutomationActionLogicApp()
{
LogicAppResourceId = new ResourceIdentifier("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
Uri = new Uri("https://exampleTriggerUri1.com"),
}
},
ETag = new ETag("etag value (must be supplied for update)"),
Tags =
{
},
};
ArmOperation<SecurityAutomationResource> lro = await securityAutomation.UpdateAsync(WaitUntil.Completed, data);
SecurityAutomationResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityAutomationData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
Sample Response
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/automations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
"isEnabled": false,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "$.Entity.AssessmentType",
"propertyType": "String",
"expectedValue": "customAssessment",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/SecurityAutomations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/SecurityAutomations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
"isEnabled": false,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "$.Entity.AssessmentType",
"propertyType": "String",
"expectedValue": "customAssessment",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
Definitions
| Name | Description |
| --- | --- |
| Automation | The security automation resource. |
| AutomationActionEventHub | The target Event Hub to which event data will be exported. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore |
| AutomationActionLogicApp | The logic app action that should be triggered. To learn more about Microsoft Defender for Cloud workflow automation capabilities, visit https://aka.ms/ASCWorkflowAutomationLearnMore |
| AutomationActionWorkspace | The Log Analytics workspace to which event data will be exported. Security alerts data will reside in the SecurityAlert table and the assessments data will reside in the SecurityRecommendation table (under the Security/SecurityCenterFree solutions). Note that in order to view the data in the workspace, the Security Center Log Analytics free or standard solution needs to be enabled on that workspace. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore |
| AutomationRuleSet | A rule set which evaluates all its rules upon an event interception. Only when all the included rules in the rule set are evaluated as true will the event trigger the defined actions. |
| AutomationScope | A single automation scope. |
| AutomationSource | The source event types which evaluate the security automation set of rules. For example, security alerts and security assessments. To learn more about the supported security events data model schemas, visit https://aka.ms/ASCAutomationSchemas. |
| AutomationTriggeringRule | A rule which is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. This comparison is done by using one of the supported operators. |
| CloudError | Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.) |
| CloudErrorBody | The error detail. |
| ErrorAdditionalInfo | The resource management error additional info. |
| EventSource | A valid event source type. |
| Operator | A valid comparer operator to use. A case-insensitive comparison is applied for the String PropertyType. |
| PropertyType | The data type of the compared operands (string, integer, floating point number or a boolean [true/false]) |
Automation
The security automation resource.
| Name | Type | Description |
| --- | --- | --- |
| etag | string | Entity tag is used for comparing two or more entities from the same requested resource. |
| id | string | Resource ID |
| kind | string | Kind of the resource |
| location | string | Location where the resource is stored |
| name | string | Resource name |
| properties.actions | AutomationAction[]: | A collection of the actions which are triggered if all the configured rule evaluations, within at least one rule set, are true. |
| properties.description | string | The security automation description. |
| properties.isEnabled | boolean | Indicates whether the security automation is enabled. |
| properties.scopes | AutomationScope[] | A collection of scopes on which the security automation logic is applied. Supported scopes are the subscription itself or a resource group under that subscription. The automation will only apply on defined scopes. |
| properties.sources | AutomationSource[] | A collection of the source event types which evaluate the security automation set of rules. |
| tags | object | A list of key-value pairs that describe the resource. |
| type | string | Resource type |
AutomationActionEventHub
The target Event Hub to which event data will be exported. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore
| Name | Type | Description |
| --- | --- | --- |
| actionType | string: EventHub | The type of the action that will be triggered by the Automation |
| connectionString | string | The target Event Hub connection string (it will not be included in any response). |
| eventHubResourceId | string | The target Event Hub Azure Resource ID. |
| sasPolicyName | string | The target Event Hub SAS policy name. |
AutomationActionLogicApp
The logic app action that should be triggered. To learn more about Microsoft Defender for Cloud workflow automation capabilities, visit https://aka.ms/ASCWorkflowAutomationLearnMore
| Name | Type | Description |
| --- | --- | --- |
| actionType | string: LogicApp | The type of the action that will be triggered by the Automation |
| logicAppResourceId | string | The triggered Logic App Azure Resource ID. This can also reside in other subscriptions, given that you have permissions to trigger the Logic App. |
| uri | string | The Logic App trigger URI endpoint (it will not be included in any response). |
AutomationActionWorkspace
The Log Analytics workspace to which event data will be exported. Security alerts data will reside in the SecurityAlert table and the assessments data will reside in the SecurityRecommendation table (under the Security/SecurityCenterFree solutions). Note that in order to view the data in the workspace, the Security Center Log Analytics free or standard solution needs to be enabled on that workspace. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore
| Name | Type | Description |
| --- | --- | --- |
| actionType | string: Workspace | The type of the action that will be triggered by the Automation |
| workspaceResourceId | string | The fully qualified Log Analytics workspace Azure Resource ID. |
AutomationRuleSet
A rule set which evaluates all its rules upon an event interception. Only when all the included rules in the rule set are evaluated as true will the event trigger the defined actions.
| Name | Type | Description |
| --- | --- | --- |
| rules | AutomationTriggeringRule[] | A rule which is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. This comparison is done by using one of the supported operators. |
AutomationScope
A single automation scope.
| Name | Type | Description |
| --- | --- | --- |
| description | string | The resources scope description. |
| scopePath | string | The resources scope path. Can be the subscription on which the automation is defined or a resource group under that subscription (fully qualified Azure resource IDs). |
AutomationSource
The source event types which evaluate the security automation set of rules. For example, security alerts and security assessments. To learn more about the supported security events data model schemas, visit https://aka.ms/ASCAutomationSchemas.
| Name | Type | Description |
| --- | --- | --- |
| eventSource | EventSource | A valid event source type. |
| ruleSets | AutomationRuleSet[] | A set of rules which evaluate upon event interception. A logical disjunction (logical "or") is applied between the defined rule sets. |
AutomationTriggeringRule
A rule which is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. This comparison is done by using one of the supported operators.
| Name | Type | Description |
| --- | --- | --- |
| expectedValue | string | The expected value. |
| operator | Operator | A valid comparer operator to use. A case-insensitive comparison is applied for the String PropertyType. |
| propertyJPath | string | The JPath of the entity model property that should be checked. |
| propertyType | PropertyType | The data type of the compared operands (string, integer, floating point number or a boolean [true/false]) |
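The rule semantics defined above (every rule in a rule set must hold, any one rule set is enough, String comparisons ignore case, and the automation applies only inside its scopes) can be exercised locally before an automation is deployed. The following is an added example, not code from this page or from Microsoft, and it goes beyond the page's single-rule samples: all function names, the second rule set and the sample events are constructed for illustration. Assumptions: only dotted property paths are resolved, scope matching is a case-insensitive prefix test, and empty rule sets never match.

```javascript
// Added example: a local model of the trigger semantics in the tables above.
// Not the service's implementation; every helper name here is hypothetical.
const DECIMAL_OPS = new Set(["GreaterThan", "GreaterThanOrEqualTo", "LesserThan", "LesserThanOrEqualTo"]);
const TEXT_OPS = new Set(["Contains", "StartsWith", "EndsWith"]);
const COMPARE = new Map([
  ["Equals", (a, b) => a === b],
  ["NotEquals", (a, b) => a !== b],
  ["GreaterThan", (a, b) => a > b],
  ["GreaterThanOrEqualTo", (a, b) => a >= b],
  ["LesserThan", (a, b) => a < b],
  ["LesserThanOrEqualTo", (a, b) => a <= b],
  ["Contains", (a, b) => a.includes(b)],
  ["StartsWith", (a, b) => a.startsWith(b)],
  ["EndsWith", (a, b) => a.endsWith(b)],
]);
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Assumption: only dotted paths such as "properties.metadata.severity" or
// "$.Entity.AssessmentType" are handled (no array filters or wildcards).
function resolvePath(event, jpath) {
  let node = event;
  for (const seg of String(jpath || "").replace(/^\$\.?/, "").split(".").filter(Boolean)) {
    if (node === null || typeof node !== "object" || !has(node, seg)) return undefined;
    node = node[seg];
  }
  return node;
}

// Convert an operand to the rule's propertyType; undefined means "not comparable".
function coerce(value, propertyType) {
  if (value === undefined || value === null || typeof value === "object") return undefined;
  const text = String(value);
  if (propertyType === "String") return text.toLowerCase(); // case-insensitive compare
  if (propertyType === "Boolean") {
    const t = text.trim().toLowerCase();
    return t === "true" ? true : t === "false" ? false : undefined;
  }
  if (propertyType === "Integer" || propertyType === "Number") {
    const n = text.trim() === "" ? NaN : Number(text);
    if (!Number.isFinite(n)) return undefined;
    return propertyType === "Integer" && !Number.isInteger(n) ? undefined : n;
  }
  return undefined; // unknown propertyType
}

// One rule: compare the event value with expectedValue using the operator.
function evaluateRule(event, rule) {
  const actual = coerce(resolvePath(event, rule.propertyJPath), rule.propertyType);
  const expected = coerce(rule.expectedValue, rule.propertyType);
  const compare = COMPARE.get(rule.operator);
  if (actual === undefined || expected === undefined || !compare) return false;
  if (DECIMAL_OPS.has(rule.operator) && typeof actual !== "number") return false;
  if (TEXT_OPS.has(rule.operator) && typeof actual !== "string") return false;
  return compare(actual, expected);
}

// Assumption: an event is in scope when its resource ID equals a scopePath or
// sits below it, compared case-insensitively.
function inScope(event, scopes) {
  const id = String(event.id || "").toLowerCase();
  return (scopes || []).some((s) => {
    const scope = String(s.scopePath || "").toLowerCase().replace(/\/+$/, "");
    return scope !== "" && (id === scope || id.startsWith(scope + "/"));
  });
}

// Rules inside a rule set are AND-ed; the rule sets of a source are OR-ed.
// Assumption: a source with no rule sets, or a rule set with no rules, never matches.
function automationTriggers(automation, eventSource, event) {
  const p = automation.properties || {};
  if (!p.isEnabled || !inScope(event, p.scopes)) return false;
  return (p.sources || [])
    .filter((src) => src.eventSource === eventSource)
    .some((src) => (src.ruleSets || []).some((set) =>
      (set.rules || []).length > 0 && set.rules.every((r) => evaluateRule(event, r))));
}

// Constructed input: the page's high-severity rule plus a second, invented rule set.
const SUB = "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5";
const rule = (propertyJPath, expectedValue, operator = "Equals", propertyType = "String") =>
  ({ propertyJPath, propertyType, expectedValue, operator });
const sampleAutomation = { properties: {
  isEnabled: true,
  scopes: [{ scopePath: `${SUB}/resourceGroups/myResourceGroup` }],
  sources: [{ eventSource: "Assessments", ruleSets: [
    { rules: [rule("properties.metadata.severity", "High")] },
    { rules: [rule("properties.metadata.severity", "Medium"), rule("properties.status.code", "Unhealthy")] },
  ] }],
} };
// Constructed assessment event for a hypothetical VM.
const makeEvent = (resourceGroup, severity, statusCode) => ({
  id: `${SUB}/resourceGroups/${resourceGroup}/providers/Microsoft.Compute/virtualMachines/vm1` +
      "/providers/Microsoft.Security/assessments/constructed-example",
  properties: { metadata: { severity }, status: { code: statusCode } },
});
```

Operands that cannot be compared make the rule evaluate to false instead of raising an error, so a mistyped path or operator shows up here as an automation that never fires.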
CloudError
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)
| Name | Type | Description |
| --- | --- | --- |
| error.additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| error.code | string | The error code. |
| error.details | CloudErrorBody[] | The error details. |
| error.message | string | The error message. |
| error.target | string | The error target. |
CloudErrorBody
The error detail.
| Name | Type | Description |
| --- | --- | --- |
| additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| code | string | The error code. |
| details | CloudErrorBody[] | The error details. |
| message | string | The error message. |
| target | string | The error target. |
ErrorAdditionalInfo
The resource management error additional info.
| Name | Type | Description |
| --- | --- | --- |
| info | object | The additional info. |
| type | string | The additional info type. |
EventSource
A valid event source type.
| Name | Type | Description |
| --- | --- | --- |
| Alerts | string | |
| Assessments | string | |
| AssessmentsSnapshot | string | |
| RegulatoryComplianceAssessment | string | |
| RegulatoryComplianceAssessmentSnapshot | string | |
| SecureScoreControls | string | |
| SecureScoreControlsSnapshot | string | |
| SecureScores | string | |
| SecureScoresSnapshot | string | |
| SubAssessments | string | |
| SubAssessmentsSnapshot | string | |
Operator
A valid comparer operator to use. A case-insensitive comparison is applied for the String PropertyType.
| Name | Type | Description |
| --- | --- | --- |
| Contains | string | Applies only for non-decimal operands. |
| EndsWith | string | Applies only for non-decimal operands. |
| Equals | string | Applies for decimal and non-decimal operands. |
| GreaterThan | string | Applies only for decimal operands. |
| GreaterThanOrEqualTo | string | Applies only for decimal operands. |
| LesserThan | string | Applies only for decimal operands. |
| LesserThanOrEqualTo | string | Applies only for decimal operands. |
| NotEquals | string | Applies for decimal and non-decimal operands. |
| StartsWith | string | Applies only for non-decimal operands. |
PropertyType
The data type of the compared operands (string, integer, floating point number or a boolean [true/false])
| Name | Type | Description |
| --- | --- | --- |
| Boolean | string | |
| Integer | string | |
| Number | string | |
| String | string | |
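The constraints stated in the tables above (scopes limited to the automation's own subscription or a resource group in it, operators tied to operand types, `uri` and `connectionString` never echoed in responses, `etag` supplied on update) can be checked before the PUT is sent. The following is an added example, not code from this page or from any Azure SDK; the function names and finding codes are hypothetical and the second request body is constructed. Assumptions: "decimal operands" is read as the Integer and Number property types, the text operators are treated as meaningful only for String, and the HTTPS check is a hardening check added here rather than a rule the page states.

```javascript
// Added example: pre-flight checks for an automation PUT body, derived from the
// tables on this page. Not part of any SDK; all names here are hypothetical.
const EVENT_SOURCES = new Set([
  "Alerts", "Assessments", "AssessmentsSnapshot", "RegulatoryComplianceAssessment",
  "RegulatoryComplianceAssessmentSnapshot", "SecureScoreControls",
  "SecureScoreControlsSnapshot", "SecureScores", "SecureScoresSnapshot",
  "SubAssessments", "SubAssessmentsSnapshot",
]);
const PROPERTY_TYPES = new Set(["Boolean", "Integer", "Number", "String"]);
// Assumption: "decimal operands" in the Operator table means Integer or Number,
// and the text operators are only meaningful for String.
const DECIMAL_ONLY = new Set(["GreaterThan", "GreaterThanOrEqualTo", "LesserThan", "LesserThanOrEqualTo"]);
const STRING_ONLY = new Set(["Contains", "StartsWith", "EndsWith"]);
const ANY_TYPE = new Set(["Equals", "NotEquals"]);

function isHttps(uri) {
  try { return new URL(uri).protocol === "https:"; } catch (e) { return false; }
}

// Returns a finding code for one triggering rule, or null when it is consistent.
function lintRule(rule) {
  const decimal = rule.propertyType === "Integer" || rule.propertyType === "Number";
  if (!PROPERTY_TYPES.has(rule.propertyType)) return "unknown-property-type";
  if (DECIMAL_ONLY.has(rule.operator)) return decimal ? null : "operator-needs-decimal-type";
  if (STRING_ONLY.has(rule.operator)) return rule.propertyType === "String" ? null : "operator-needs-string-type";
  return ANY_TYPE.has(rule.operator) ? null : "unknown-operator";
}

// Returns a list of "code @ location" findings; an empty list means no finding.
function lintAutomationRequest(requestUrl, body, isUpdate) {
  const findings = [];
  const add = (code, where) => findings.push(`${code} @ ${where}`);
  const props = body.properties || {};
  const sub = /\/subscriptions\/([0-9A-Fa-f-]{36})\//.exec(requestUrl);
  if (!sub) return ["no-subscription-id @ requestUrl"];
  // The page's sample request notes that the etag must be supplied for an update.
  if (isUpdate && !body.etag) add("etag-missing", "etag");
  // Supported scopes: the automation's own subscription or a resource group in it.
  const scopeRe = new RegExp(`^/subscriptions/${sub[1]}(/resourceGroups/[-\\w._()]+)?$`, "i");
  const scopes = props.scopes || [];
  if (scopes.length === 0) add("no-scopes", "properties.scopes");
  scopes.forEach((s, i) => {
    if (!scopeRe.test(s.scopePath || "")) add("scope-outside-subscription", `scopes[${i}]`);
  });
  (props.sources || []).forEach((src, i) => {
    if (!EVENT_SOURCES.has(src.eventSource)) add("unknown-event-source", `sources[${i}]`);
    (src.ruleSets || []).forEach((set, j) => (set.rules || []).forEach((r, k) => {
      const code = lintRule(r);
      if (code) add(code, `sources[${i}].ruleSets[${j}].rules[${k}]`);
    }));
  });
  // uri and connectionString are never returned in responses, so a body copied
  // from a response arrives here without them.
  (props.actions || []).forEach((a, i) => {
    if (a.actionType === "LogicApp") {
      // The https test is a hardening check added here, not an API rule from the page.
      if (!a.uri) add("logicapp-uri-missing", `actions[${i}]`);
      else if (!isHttps(a.uri)) add("logicapp-uri-not-https", `actions[${i}]`);
    } else if (a.actionType === "EventHub") {
      if (!a.connectionString) add("eventhub-connection-string-missing", `actions[${i}]`);
    } else if (a.actionType !== "Workspace") {
      add("unknown-action-type", `actions[${i}]`);
    }
  });
  return findings;
}

// Constructed inputs: the page's request URL, its "disable" request body, and a
// body as it might look after being copied from a response and edited carelessly.
const PUT_URL = "https://management.azure.com/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5" +
  "/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation";
const LOGIC_APP = "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample" +
  "/providers/Microsoft.Logic/workflows/MyTest1";
const pageRequest = {
  location: "Central US",
  etag: "etag value (must be supplied for update)",
  properties: {
    isEnabled: false,
    scopes: [{ scopePath: "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup" }],
    sources: [{ eventSource: "Assessments", ruleSets: [{ rules: [
      { propertyJPath: "$.Entity.AssessmentType", propertyType: "String", expectedValue: "customAssessment", operator: "Equals" },
    ] }] }],
    actions: [{ actionType: "LogicApp", logicAppResourceId: LOGIC_APP, uri: "https://exampleTriggerUri1.com" }],
  },
};
const roundTripped = {
  location: "Central US",
  properties: {
    isEnabled: true,
    scopes: [{ scopePath: "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e" }],
    sources: [{ eventSource: "Assessments", ruleSets: [{ rules: [
      { propertyJPath: "properties.metadata.severity", propertyType: "String", expectedValue: "High", operator: "GreaterThan" },
    ] }] }],
    actions: [{ actionType: "LogicApp", logicAppResourceId: LOGIC_APP }],
  },
};
```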