Alerts - Simulate

Reference

Service:: Defender for Cloud

API Version:: 2022-01-01

Simulate security alerts

POST https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/default/simulate?api-version=2022-01-01

URI Parameters

Name In Required Type Description

Name	In	Required	Type	Description
ascLocation	path	True	string	The location where ASC stores the data of the subscription. can be retrieved from Get locations
subscriptionId	path	True	string	Azure subscription ID Regex pattern: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`
api-version	query	True	string	API version for the operation

ascLocation

path

True

string

The location where ASC stores the data of the subscription. can be retrieved from Get locations

subscriptionId

path

True

string

Azure subscription ID

Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$

api-version

query

True

string

API version for the operation

Request Body

Name	Type	Description
properties	AlertSimulatorRequestProperties: AlertSimulatorBundlesRequestProperties	Alert Simulator request body data.

Responses

Name	Type	Description
202 Accepted		Accepted
Other Status Codes	CloudError	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Simulate security alerts on a subscription

Sample Request

POST https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/alerts/default/simulate?api-version=2022-01-01

{
  "properties": {
    "kind": "Bundles",
    "bundles": [
      "AppServices",
      "DNS",
      "KeyVaults",
      "KubernetesService",
      "ResourceManager",
      "SqlServers",
      "StorageAccounts",
      "VirtualMachines",
      "CosmosDbs"
    ]
  }
}

import com.azure.resourcemanager.security.models.AlertSimulatorBundlesRequestProperties;
import com.azure.resourcemanager.security.models.AlertSimulatorRequestBody;
import com.azure.resourcemanager.security.models.BundleType;
import java.util.Arrays;

/** Samples for Alerts Simulate. */
public final class Main {
    /*
     * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2022-01-01/examples/Alerts/SimulateAlerts_example.json
     */
    /**
     * Sample code: Simulate security alerts on a subscription.
     *
     * @param manager Entry point to SecurityManager.
     */
    public static void simulateSecurityAlertsOnASubscription(
        com.azure.resourcemanager.security.SecurityManager manager) {
        manager
            .alerts()
            .simulate(
                "centralus",
                new AlertSimulatorRequestBody()
                    .withProperties(
                        new AlertSimulatorBundlesRequestProperties()
                            .withBundles(
                                Arrays
                                    .asList(
                                        BundleType.APP_SERVICES,
                                        BundleType.DNS,
                                        BundleType.KEY_VAULTS,
                                        BundleType.KUBERNETES_SERVICE,
                                        BundleType.RESOURCE_MANAGER,
                                        BundleType.SQL_SERVERS,
                                        BundleType.STORAGE_ACCOUNTS,
                                        BundleType.VIRTUAL_MACHINES,
                                        BundleType.COSMOS_DBS))),
                com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/b43974e07d3204c4b6f8396627f5430994a7f7c9/specification/security/resource-manager/Microsoft.Security/stable/2022-01-01/examples/Alerts/SimulateAlerts_example.json
func ExampleAlertsClient_BeginSimulate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewAlertsClient().BeginSimulate(ctx, "centralus", armsecurity.AlertSimulatorRequestBody{
		Properties: &armsecurity.AlertSimulatorBundlesRequestProperties{
			Kind: to.Ptr(armsecurity.KindBundles),
			Bundles: []*armsecurity.BundleType{
				to.Ptr(armsecurity.BundleTypeAppServices),
				to.Ptr(armsecurity.BundleTypeDNS),
				to.Ptr(armsecurity.BundleTypeKeyVaults),
				to.Ptr(armsecurity.BundleTypeKubernetesService),
				to.Ptr(armsecurity.BundleTypeResourceManager),
				to.Ptr(armsecurity.BundleTypeSQLServers),
				to.Ptr(armsecurity.BundleTypeStorageAccounts),
				to.Ptr(armsecurity.BundleTypeVirtualMachines),
				to.Ptr(armsecurity.BundleTypeCosmosDbs)},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	_, err = poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Simulate security alerts
 *
 * @summary Simulate security alerts
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2022-01-01/examples/Alerts/SimulateAlerts_example.json
 */
async function simulateSecurityAlertsOnASubscription() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const ascLocation = "centralus";
  const alertSimulatorRequestBody = {
    properties: {
      bundles: [
        "AppServices",
        "DNS",
        "KeyVaults",
        "KubernetesService",
        "ResourceManager",
        "SqlServers",
        "StorageAccounts",
        "VirtualMachines",
        "CosmosDbs",
      ],
      kind: "Bundles",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.alerts.beginSimulateAndWait(ascLocation, alertSimulatorRequestBody);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2022-01-01/examples/Alerts/SimulateAlerts_example.json
// this example is just showing the usage of "Alerts_Simulate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SecurityCenterLocationResource created on azure
// for more information of creating SecurityCenterLocationResource, please refer to the document of SecurityCenterLocationResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
AzureLocation ascLocation = new AzureLocation("centralus");
ResourceIdentifier securityCenterLocationResourceId = SecurityCenterLocationResource.CreateResourceIdentifier(subscriptionId, ascLocation);
SecurityCenterLocationResource securityCenterLocation = client.GetSecurityCenterLocationResource(securityCenterLocationResourceId);

// get the collection of this SubscriptionSecurityAlertResource
SubscriptionSecurityAlertCollection collection = securityCenterLocation.GetSubscriptionSecurityAlerts();

// invoke the operation
SecurityAlertSimulatorContent content = new SecurityAlertSimulatorContent()
{
    Properties = new SecurityAlertSimulatorBundlesRequestProperties()
    {
        Bundles =
        {
        SecurityAlertSimulatorBundleType.AppServices,SecurityAlertSimulatorBundleType.Dns,SecurityAlertSimulatorBundleType.KeyVaults,SecurityAlertSimulatorBundleType.KubernetesService,SecurityAlertSimulatorBundleType.ResourceManager,SecurityAlertSimulatorBundleType.SqlServers,SecurityAlertSimulatorBundleType.StorageAccounts,SecurityAlertSimulatorBundleType.VirtualMachines,SecurityAlertSimulatorBundleType.CosmosDbs
        },
    },
};
await collection.SimulateAsync(WaitUntil.Completed, content);

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 202

Definitions

Name	Description
AlertSimulatorBundlesRequestProperties	Simulate alerts according to this bundles.
AlertSimulatorRequestBody	Alert Simulator request body.
BundleType	Alert Simulator supported bundles.
CloudError	Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
CloudErrorBody	The error detail.
ErrorAdditionalInfo	The resource management error additional info.

AlertSimulatorBundlesRequestProperties

Simulate alerts according to this bundles.

Name	Type	Description
bundles	BundleType[]	Bundles list.
kind	string: Bundles	The kind of alert simulation.

AlertSimulatorRequestBody

Alert Simulator request body.

Name	Type	Description
properties	AlertSimulatorRequestProperties: AlertSimulatorBundlesRequestProperties	Alert Simulator request body data.

BundleType

Alert Simulator supported bundles.

Name	Type	Description
AppServices	string
CosmosDbs	string
DNS	string
KeyVaults	string
KubernetesService	string
ResourceManager	string
SqlServers	string
StorageAccounts	string
VirtualMachines	string

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

Name	Type	Description
error.additionalInfo	ErrorAdditionalInfo[]	The error additional info.
error.code	string	The error code.
error.details	CloudErrorBody[]	The error details.
error.message	string	The error message.
error.target	string	The error target.

CloudErrorBody

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	CloudErrorBody[]	The error details.
message	string	The error message.
target	string	The error target.

ErrorAdditionalInfo

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

Alerts - Simulate

URI Parameters

Request Body

Responses

Security

azure_auth

Scopes

Examples

Simulate security alerts on a subscription

Sample Request

Sample Response

Definitions

AlertSimulatorBundlesRequestProperties

AlertSimulatorRequestBody

BundleType

CloudError

CloudErrorBody

ErrorAdditionalInfo

Additional resources