Adaptive Application Controls - Put

Service:

Defender for Cloud

API Version:

2020-01-01

Atualizar um grupo de computadores de controle de aplicativos

PUT https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/applicationWhitelistings/{groupName}?api-version=2020-01-01

Parâmetros de URI

Nome	Em	Obrigatório	Tipo	Description
ascLocation	path	True	string	O local em que o ASC armazena os dados da assinatura. pode ser recuperado de Obter locais
groupName	path	True	string	Nome de um grupo de computadores de controle de aplicativo
subscriptionId	path	True	string	ID de assinatura do Azure Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version	query	True	string	Versão da API para a operação

Corpo da solicitação

Nome	Tipo	Description
properties.enforcementMode	EnforcementMode	O modo de imposição/proteção da política de controle de aplicativo do grupo de computadores
properties.pathRecommendations	PathRecommendation[]	Representa um caminho que é recomendado para ser permitido e suas propriedades
properties.protectionMode	ProtectionMode	O modo de proteção dos tipos de coleção/arquivo. Exe/Msi/Script são usados para Windows, Executável é usado para Linux.
properties.vmRecommendations	VmRecommendation[]	Representa um computador que faz parte de um grupo de computadores

Respostas

Nome	Tipo	Description
200 OK	AdaptiveApplicationControlGroup	OK
Other Status Codes	CloudError	Resposta de erro que descreve por que a operação falhou.

Segurança

azure_auth

Fluxo do OAuth2 do Azure Active Directory

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Nome	Description
user_impersonation	representar sua conta de usuário

Exemplos

Update an application control machine group by adding a new application

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1?api-version=2020-01-01

{
  "properties": {
    "enforcementMode": "Audit",
    "protectionMode": {
      "exe": "Audit",
      "msi": "None",
      "script": "None"
    },
    "vmRecommendations": [
      {
        "configurationStatus": "Configured",
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
        "recommendationAction": "Recommended",
        "enforcementSupport": "Supported"
      },
      {
        "configurationStatus": "Configured",
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
        "recommendationAction": "Recommended",
        "enforcementSupport": "Supported"
      }
    ],
    "pathRecommendations": [
      {
        "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "Everyone",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
        "type": "ProductSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "MICROSOFT® COREXT",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "C:\\directory\\file.exe",
        "action": "Add",
        "type": "File",
        "common": true
      }
    ]
  }
}

Java

import com.azure.resourcemanager.security.models.AdaptiveApplicationControlGroup;
import com.azure.resourcemanager.security.models.ConfigurationStatus;
import com.azure.resourcemanager.security.models.EnforcementMode;
import com.azure.resourcemanager.security.models.EnforcementSupport;
import com.azure.resourcemanager.security.models.FileType;
import com.azure.resourcemanager.security.models.PathRecommendation;
import com.azure.resourcemanager.security.models.ProtectionMode;
import com.azure.resourcemanager.security.models.PublisherInfo;
import com.azure.resourcemanager.security.models.RecommendationAction;
import com.azure.resourcemanager.security.models.RecommendationType;
import com.azure.resourcemanager.security.models.UserRecommendation;
import com.azure.resourcemanager.security.models.VmRecommendation;
import java.util.Arrays;

/**
 * Samples for AdaptiveApplicationControls Put.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/
     * PutAdaptiveApplicationControls_example.json
     */
    /**
     * Sample code: Update an application control machine group by adding a new application.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void updateAnApplicationControlMachineGroupByAddingANewApplication(
        com.azure.resourcemanager.security.SecurityManager manager) {
        AdaptiveApplicationControlGroup resource = manager.adaptiveApplicationControls()
            .getWithResponse("centralus", "ERELGROUP1", com.azure.core.util.Context.NONE).getValue();
        resource.update().withEnforcementMode(EnforcementMode.AUDIT)
            .withProtectionMode(new ProtectionMode().withExe(EnforcementMode.AUDIT).withMsi(EnforcementMode.NONE)
                .withScript(EnforcementMode.NONE))
            .withVmRecommendations(Arrays.asList(new VmRecommendation()
                .withConfigurationStatus(ConfigurationStatus.CONFIGURED)
                .withRecommendationAction(RecommendationAction.RECOMMENDED)
                .withResourceId(
                    "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090")
                .withEnforcementSupport(EnforcementSupport.SUPPORTED),
                new VmRecommendation().withConfigurationStatus(ConfigurationStatus.CONFIGURED)
                    .withRecommendationAction(RecommendationAction.RECOMMENDED)
                    .withResourceId(
                        "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19")
                    .withEnforcementSupport(EnforcementSupport.SUPPORTED)))
            .withPathRecommendations(Arrays.asList(
                new PathRecommendation()
                    .withPath("[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0")
                    .withAction(RecommendationAction.RECOMMENDED)
                    .withType(RecommendationType.fromString("PublisherSignature"))
                    .withPublisherInfo(
                        new PublisherInfo().withPublisherName("O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US")
                            .withProductName("*").withBinaryName("*").withVersion("0.0.0.0"))
                    .withCommon(true).withUserSids(Arrays.asList("S-1-1-0"))
                    .withUsernames(Arrays.asList(new UserRecommendation().withUsername("Everyone")
                        .withRecommendationAction(RecommendationAction.RECOMMENDED)))
                    .withFileType(FileType.EXE).withConfigurationStatus(ConfigurationStatus.CONFIGURED),
                new PathRecommendation().withPath("%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE")
                    .withAction(RecommendationAction.RECOMMENDED)
                    .withType(RecommendationType.fromString("ProductSignature"))
                    .withPublisherInfo(new PublisherInfo().withPublisherName("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN")
                        .withProductName("MICROSOFT® COREXT").withBinaryName("*").withVersion("0.0.0.0"))
                    .withCommon(true).withUserSids(Arrays.asList("S-1-1-0"))
                    .withUsernames(Arrays.asList(new UserRecommendation().withUsername("NT AUTHORITY\\SYSTEM")
                        .withRecommendationAction(RecommendationAction.RECOMMENDED)))
                    .withFileType(FileType.EXE).withConfigurationStatus(ConfigurationStatus.CONFIGURED),
                new PathRecommendation().withPath("%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE")
                    .withAction(RecommendationAction.RECOMMENDED)
                    .withType(RecommendationType.fromString("PublisherSignature"))
                    .withPublisherInfo(new PublisherInfo().withPublisherName("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN")
                        .withProductName("*").withBinaryName("*").withVersion("0.0.0.0"))
                    .withCommon(true).withUserSids(Arrays.asList("S-1-1-0"))
                    .withUsernames(Arrays.asList(new UserRecommendation().withUsername("NT AUTHORITY\\SYSTEM")
                        .withRecommendationAction(RecommendationAction.RECOMMENDED)))
                    .withFileType(FileType.EXE).withConfigurationStatus(ConfigurationStatus.CONFIGURED),
                new PathRecommendation().withPath("C:\\directory\\file.exe").withAction(RecommendationAction.ADD)
                    .withType(RecommendationType.fromString("File")).withCommon(true)))
            .apply();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/PutAdaptiveApplicationControls_example.json
func ExampleAdaptiveApplicationControlsClient_Put() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAdaptiveApplicationControlsClient().Put(ctx, "centralus", "ERELGROUP1", armsecurity.AdaptiveApplicationControlGroup{
		Properties: &armsecurity.AdaptiveApplicationControlGroupData{
			EnforcementMode: to.Ptr(armsecurity.EnforcementModeAudit),
			PathRecommendations: []*armsecurity.PathRecommendation{
				{
					Type:                to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
					Path:                to.Ptr("[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0"),
					Action:              to.Ptr(armsecurity.RecommendationActionRecommended),
					Common:              to.Ptr(true),
					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
					FileType:            to.Ptr(armsecurity.FileTypeExe),
					PublisherInfo: &armsecurity.PublisherInfo{
						BinaryName:    to.Ptr("*"),
						ProductName:   to.Ptr("*"),
						PublisherName: to.Ptr("O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"),
						Version:       to.Ptr("0.0.0.0"),
					},
					UserSids: []*string{
						to.Ptr("S-1-1-0")},
					Usernames: []*armsecurity.UserRecommendation{
						{
							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
							Username:             to.Ptr("Everyone"),
						}},
				},
				{
					Type:                to.Ptr(armsecurity.RecommendationType("ProductSignature")),
					Path:                to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE"),
					Action:              to.Ptr(armsecurity.RecommendationActionRecommended),
					Common:              to.Ptr(true),
					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
					FileType:            to.Ptr(armsecurity.FileTypeExe),
					PublisherInfo: &armsecurity.PublisherInfo{
						BinaryName:    to.Ptr("*"),
						ProductName:   to.Ptr("MICROSOFT® COREXT"),
						PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
						Version:       to.Ptr("0.0.0.0"),
					},
					UserSids: []*string{
						to.Ptr("S-1-1-0")},
					Usernames: []*armsecurity.UserRecommendation{
						{
							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
							Username:             to.Ptr("NT AUTHORITY\\SYSTEM"),
						}},
				},
				{
					Type:                to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
					Path:                to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE"),
					Action:              to.Ptr(armsecurity.RecommendationActionRecommended),
					Common:              to.Ptr(true),
					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
					FileType:            to.Ptr(armsecurity.FileTypeExe),
					PublisherInfo: &armsecurity.PublisherInfo{
						BinaryName:    to.Ptr("*"),
						ProductName:   to.Ptr("*"),
						PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
						Version:       to.Ptr("0.0.0.0"),
					},
					UserSids: []*string{
						to.Ptr("S-1-1-0")},
					Usernames: []*armsecurity.UserRecommendation{
						{
							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
							Username:             to.Ptr("NT AUTHORITY\\SYSTEM"),
						}},
				},
				{
					Type:   to.Ptr(armsecurity.RecommendationType("File")),
					Path:   to.Ptr("C:\\directory\\file.exe"),
					Action: to.Ptr(armsecurity.RecommendationActionAdd),
					Common: to.Ptr(true),
				}},
			ProtectionMode: &armsecurity.ProtectionMode{
				Exe:    to.Ptr(armsecurity.EnforcementModeAudit),
				Msi:    to.Ptr(armsecurity.EnforcementModeNone),
				Script: to.Ptr(armsecurity.EnforcementModeNone),
			},
			VMRecommendations: []*armsecurity.VMRecommendation{
				{
					ConfigurationStatus:  to.Ptr(armsecurity.ConfigurationStatusConfigured),
					EnforcementSupport:   to.Ptr(armsecurity.EnforcementSupportSupported),
					RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
					ResourceID:           to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"),
				},
				{
					ConfigurationStatus:  to.Ptr(armsecurity.ConfigurationStatusConfigured),
					EnforcementSupport:   to.Ptr(armsecurity.EnforcementSupportSupported),
					RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
					ResourceID:           to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19"),
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.AdaptiveApplicationControlGroup = armsecurity.AdaptiveApplicationControlGroup{
	// 	Location: to.Ptr("centralus"),
	// 	Name: to.Ptr("ERELGROUP1"),
	// 	Type: to.Ptr("Microsoft.Security/applicationWhitelistings"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1"),
	// 	Properties: &armsecurity.AdaptiveApplicationControlGroupData{
	// 		ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusInProgress),
	// 		EnforcementMode: to.Ptr(armsecurity.EnforcementModeAudit),
	// 		Issues: []*armsecurity.AdaptiveApplicationControlIssueSummary{
	// 		},
	// 		PathRecommendations: []*armsecurity.PathRecommendation{
	// 			{
	// 				Type: to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
	// 				Path: to.Ptr("[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0"),
	// 				Action: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 				Common: to.Ptr(true),
	// 				ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 				FileType: to.Ptr(armsecurity.FileTypeExe),
	// 				PublisherInfo: &armsecurity.PublisherInfo{
	// 					BinaryName: to.Ptr("*"),
	// 					ProductName: to.Ptr("*"),
	// 					PublisherName: to.Ptr("O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"),
	// 					Version: to.Ptr("0.0.0.0"),
	// 				},
	// 				UserSids: []*string{
	// 					to.Ptr("S-1-1-0")},
	// 					Usernames: []*armsecurity.UserRecommendation{
	// 						{
	// 							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 							Username: to.Ptr("Everyone"),
	// 					}},
	// 				},
	// 				{
	// 					Type: to.Ptr(armsecurity.RecommendationType("ProductSignature")),
	// 					Path: to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE"),
	// 					Action: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 					Common: to.Ptr(true),
	// 					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 					FileType: to.Ptr(armsecurity.FileTypeExe),
	// 					PublisherInfo: &armsecurity.PublisherInfo{
	// 						BinaryName: to.Ptr("*"),
	// 						ProductName: to.Ptr("MICROSOFT® COREXT"),
	// 						PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
	// 						Version: to.Ptr("0.0.0.0"),
	// 					},
	// 					UserSids: []*string{
	// 						to.Ptr("S-1-1-0")},
	// 						Usernames: []*armsecurity.UserRecommendation{
	// 							{
	// 								RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 								Username: to.Ptr("NT AUTHORITY\\SYSTEM"),
	// 						}},
	// 					},
	// 					{
	// 						Type: to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
	// 						Path: to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE"),
	// 						Action: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 						Common: to.Ptr(true),
	// 						ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 						FileType: to.Ptr(armsecurity.FileTypeExe),
	// 						PublisherInfo: &armsecurity.PublisherInfo{
	// 							BinaryName: to.Ptr("*"),
	// 							ProductName: to.Ptr("*"),
	// 							PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
	// 							Version: to.Ptr("0.0.0.0"),
	// 						},
	// 						UserSids: []*string{
	// 							to.Ptr("S-1-1-0")},
	// 							Usernames: []*armsecurity.UserRecommendation{
	// 								{
	// 									RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 									Username: to.Ptr("NT AUTHORITY\\SYSTEM"),
	// 							}},
	// 						},
	// 						{
	// 							Type: to.Ptr(armsecurity.RecommendationType("File")),
	// 							Path: to.Ptr("C:\\directory\\file.exe"),
	// 							Action: to.Ptr(armsecurity.RecommendationActionAdd),
	// 							Common: to.Ptr(true),
	// 							ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusNotConfigured),
	// 							FileType: to.Ptr(armsecurity.FileTypeExe),
	// 							UserSids: []*string{
	// 								to.Ptr("S-1-1-0")},
	// 								Usernames: []*armsecurity.UserRecommendation{
	// 									{
	// 										RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 										Username: to.Ptr("Everyone"),
	// 								}},
	// 						}},
	// 						ProtectionMode: &armsecurity.ProtectionMode{
	// 							Exe: to.Ptr(armsecurity.EnforcementModeAudit),
	// 							Msi: to.Ptr(armsecurity.EnforcementModeNone),
	// 							Script: to.Ptr(armsecurity.EnforcementModeNone),
	// 						},
	// 						RecommendationStatus: to.Ptr(armsecurity.RecommendationStatusRecommended),
	// 						SourceSystem: to.Ptr(armsecurity.SourceSystemAzureAppLocker),
	// 						VMRecommendations: []*armsecurity.VMRecommendation{
	// 							{
	// 								RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 								ResourceID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"),
	// 							},
	// 							{
	// 								RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 								ResourceID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19"),
	// 						}},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Update an application control machine group
 *
 * @summary Update an application control machine group
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/PutAdaptiveApplicationControls_example.json
 */
async function updateAnApplicationControlMachineGroupByAddingANewApplication() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const ascLocation = "centralus";
  const groupName = "ERELGROUP1";
  const body = {
    enforcementMode: "Audit",
    pathRecommendations: [
      {
        type: "PublisherSignature",
        path: "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
        action: "Recommended",
        common: true,
        configurationStatus: "Configured",
        fileType: "Exe",
        publisherInfo: {
          binaryName: "*",
          productName: "*",
          publisherName: "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
          version: "0.0.0.0",
        },
        userSids: ["S-1-1-0"],
        usernames: [{ recommendationAction: "Recommended", username: "Everyone" }],
      },
      {
        type: "ProductSignature",
        path: "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
        action: "Recommended",
        common: true,
        configurationStatus: "Configured",
        fileType: "Exe",
        publisherInfo: {
          binaryName: "*",
          productName: "MICROSOFT® COREXT",
          publisherName: "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          version: "0.0.0.0",
        },
        userSids: ["S-1-1-0"],
        usernames: [
          {
            recommendationAction: "Recommended",
            username: "NT AUTHORITY\\SYSTEM",
          },
        ],
      },
      {
        type: "PublisherSignature",
        path: "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
        action: "Recommended",
        common: true,
        configurationStatus: "Configured",
        fileType: "Exe",
        publisherInfo: {
          binaryName: "*",
          productName: "*",
          publisherName: "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          version: "0.0.0.0",
        },
        userSids: ["S-1-1-0"],
        usernames: [
          {
            recommendationAction: "Recommended",
            username: "NT AUTHORITY\\SYSTEM",
          },
        ],
      },
      {
        type: "File",
        path: "C:\\directory\\file.exe",
        action: "Add",
        common: true,
      },
    ],
    protectionMode: { exe: "Audit", msi: "None", script: "None" },
    vmRecommendations: [
      {
        configurationStatus: "Configured",
        enforcementSupport: "Supported",
        recommendationAction: "Recommended",
        resourceId:
          "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
      },
      {
        configurationStatus: "Configured",
        enforcementSupport: "Supported",
        recommendationAction: "Recommended",
        resourceId:
          "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.adaptiveApplicationControls.put(ascLocation, groupName, body);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/PutAdaptiveApplicationControls_example.json
// this example is just showing the usage of "AdaptiveApplicationControls_Put" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this AdaptiveApplicationControlGroupResource created on azure
// for more information of creating AdaptiveApplicationControlGroupResource, please refer to the document of AdaptiveApplicationControlGroupResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
AzureLocation ascLocation = new AzureLocation("centralus");
string groupName = "ERELGROUP1";
ResourceIdentifier adaptiveApplicationControlGroupResourceId = AdaptiveApplicationControlGroupResource.CreateResourceIdentifier(subscriptionId, ascLocation, groupName);
AdaptiveApplicationControlGroupResource adaptiveApplicationControlGroup = client.GetAdaptiveApplicationControlGroupResource(adaptiveApplicationControlGroupResourceId);

// invoke the operation
AdaptiveApplicationControlGroupData data = new AdaptiveApplicationControlGroupData()
{
    EnforcementMode = AdaptiveApplicationControlEnforcementMode.Audit,
    ProtectionMode = new SecurityCenterFileProtectionMode()
    {
        Exe = AdaptiveApplicationControlEnforcementMode.Audit,
        Msi = AdaptiveApplicationControlEnforcementMode.None,
        Script = AdaptiveApplicationControlEnforcementMode.None,
    },
    VmRecommendations =
    {
    new VmRecommendation()
    {
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    RecommendationAction = RecommendationAction.Recommended,
    ResourceId = new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"),
    EnforcementSupport = SecurityCenterVmEnforcementSupportState.Supported,
    },new VmRecommendation()
    {
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    RecommendationAction = RecommendationAction.Recommended,
    ResourceId = new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19"),
    EnforcementSupport = SecurityCenterVmEnforcementSupportState.Supported,
    }
    },
    PathRecommendations =
    {
    new PathRecommendation()
    {
    Path = "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
    Action = RecommendationAction.Recommended,
    IotSecurityRecommendationType = new IotSecurityRecommendationType("PublisherSignature"),
    PublisherInfo = new SecurityCenterPublisherInfo()
    {
    PublisherName = "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
    ProductName = "*",
    BinaryName = "*",
    Version = "0.0.0.0",
    },
    IsCommon = true,
    UserSids =
    {
    "S-1-1-0"
    },
    Usernames =
    {
    new UserRecommendation()
    {
    Username = "Everyone",
    RecommendationAction = RecommendationAction.Recommended,
    }
    },
    FileType = PathRecommendationFileType.Exe,
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    },new PathRecommendation()
    {
    Path = "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
    Action = RecommendationAction.Recommended,
    IotSecurityRecommendationType = new IotSecurityRecommendationType("ProductSignature"),
    PublisherInfo = new SecurityCenterPublisherInfo()
    {
    PublisherName = "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
    ProductName = "MICROSOFT® COREXT",
    BinaryName = "*",
    Version = "0.0.0.0",
    },
    IsCommon = true,
    UserSids =
    {
    "S-1-1-0"
    },
    Usernames =
    {
    new UserRecommendation()
    {
    Username = "NT AUTHORITY\\SYSTEM",
    RecommendationAction = RecommendationAction.Recommended,
    }
    },
    FileType = PathRecommendationFileType.Exe,
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    },new PathRecommendation()
    {
    Path = "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
    Action = RecommendationAction.Recommended,
    IotSecurityRecommendationType = new IotSecurityRecommendationType("PublisherSignature"),
    PublisherInfo = new SecurityCenterPublisherInfo()
    {
    PublisherName = "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
    ProductName = "*",
    BinaryName = "*",
    Version = "0.0.0.0",
    },
    IsCommon = true,
    UserSids =
    {
    "S-1-1-0"
    },
    Usernames =
    {
    new UserRecommendation()
    {
    Username = "NT AUTHORITY\\SYSTEM",
    RecommendationAction = RecommendationAction.Recommended,
    }
    },
    FileType = PathRecommendationFileType.Exe,
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    },new PathRecommendation()
    {
    Path = "C:\\directory\\file.exe",
    Action = RecommendationAction.Add,
    IotSecurityRecommendationType = new IotSecurityRecommendationType("File"),
    IsCommon = true,
    }
    },
};
ArmOperation<AdaptiveApplicationControlGroupResource> lro = await adaptiveApplicationControlGroup.UpdateAsync(WaitUntil.Completed, data);
AdaptiveApplicationControlGroupResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
AdaptiveApplicationControlGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1",
  "name": "ERELGROUP1",
  "type": "Microsoft.Security/applicationWhitelistings",
  "location": "centralus",
  "properties": {
    "recommendationStatus": "Recommended",
    "enforcementMode": "Audit",
    "protectionMode": {
      "exe": "Audit",
      "msi": "None",
      "script": "None"
    },
    "vmRecommendations": [
      {
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
        "recommendationAction": "Recommended"
      },
      {
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
        "recommendationAction": "Recommended"
      }
    ],
    "pathRecommendations": [
      {
        "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "Everyone",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
        "type": "ProductSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "MICROSOFT® COREXT",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "C:\\directory\\file.exe",
        "type": "File",
        "common": true,
        "action": "Add",
        "usernames": [
          {
            "username": "Everyone",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "NotConfigured"
      }
    ],
    "configurationStatus": "InProgress",
    "issues": [],
    "sourceSystem": "Azure_AppLocker"
  }
}

Definições

Nome	Description
AdaptiveApplicationControlGroup
AdaptiveApplicationControlIssue	Um alerta que os computadores dentro de um grupo podem ter
AdaptiveApplicationControlIssueSummary	Representa um resumo dos alertas do grupo de computadores
CloudError	Resposta de erro comum para todas as APIs do Azure Resource Manager para retornar detalhes de erro de operações com falha. (Isso também segue o formato de resposta de erro OData.).
CloudErrorBody	O detalhe do erro.
ConfigurationStatus	O status de configuração do grupo de computadores ou computador ou regra
EnforcementMode	O modo de imposição/proteção da política de controle de aplicativo do grupo de computadores
EnforcementSupport	A capacidade de suporte do computador do recurso Impor
ErrorAdditionalInfo	As informações adicionais do erro de gerenciamento de recursos.
FileType	O tipo do arquivo (para arquivos Linux – Executável é usado)
PathRecommendation	Representa um caminho que é recomendado para ser permitido e suas propriedades
ProtectionMode	O modo de proteção dos tipos de coleção/arquivo. Exe/Msi/Script são usados para Windows, Executável é usado para Linux.
PublisherInfo	Representa as informações do editor de um processo/regra
RecommendationAction	A ação de recomendação do computador ou da regra
RecommendationStatus	A recomendação inicial status do grupo de computadores ou do computador
RecommendationType	O tipo da regra a ser permitida
SourceSystem	O tipo de origem do grupo de computadores
UserRecommendation	Representa um usuário que é recomendado para ser permitido para uma determinada regra
VmRecommendation	Representa um computador que faz parte de um grupo de computadores

AdaptiveApplicationControlGroup

Nome	Tipo	Description
id	string	ID do recurso
location	string	Local em que o recurso é armazenado
name	string	Nome do recurso
properties.configurationStatus	ConfigurationStatus	O status de configuração do grupo de computadores ou computador ou regra
properties.enforcementMode	EnforcementMode	O modo de imposição/proteção da política de controle de aplicativo do grupo de computadores
properties.issues	AdaptiveApplicationControlIssueSummary[]	Representa um resumo dos alertas do grupo de computadores
properties.pathRecommendations	PathRecommendation[]	Representa um caminho que é recomendado para ser permitido e suas propriedades
properties.protectionMode	ProtectionMode	O modo de proteção dos tipos de coleção/arquivo. Exe/Msi/Script são usados para Windows, Executável é usado para Linux.
properties.recommendationStatus	RecommendationStatus	A recomendação inicial status do grupo de computadores ou do computador
properties.sourceSystem	SourceSystem	O tipo de origem do grupo de computadores
properties.vmRecommendations	VmRecommendation[]	Representa um computador que faz parte de um grupo de computadores
type	string	Tipo de recurso

AdaptiveApplicationControlIssue

Um alerta que os computadores dentro de um grupo podem ter

Nome	Tipo	Description
ExecutableViolationsAudited	string
MsiAndScriptViolationsAudited	string
MsiAndScriptViolationsBlocked	string
RulesViolatedManually	string
ViolationsAudited	string
ViolationsBlocked	string

AdaptiveApplicationControlIssueSummary

Representa um resumo dos alertas do grupo de computadores

Nome	Tipo	Description
issue	AdaptiveApplicationControlIssue	Um alerta que os computadores dentro de um grupo podem ter
numberOfVms	number	O número de computadores no grupo que têm esse alerta

CloudError

Resposta de erro comum para todas as APIs do Azure Resource Manager para retornar detalhes de erro de operações com falha. (Isso também segue o formato de resposta de erro OData.).

Nome	Tipo	Description
error.additionalInfo	ErrorAdditionalInfo[]	As informações adicionais do erro.
error.code	string	O código de erro.
error.details	CloudErrorBody[]	Os detalhes do erro.
error.message	string	A mensagem de erro.
error.target	string	O destino do erro.

CloudErrorBody

O detalhe do erro.

Nome	Tipo	Description
additionalInfo	ErrorAdditionalInfo[]	As informações adicionais do erro.
code	string	O código de erro.
details	CloudErrorBody[]	Os detalhes do erro.
message	string	A mensagem de erro.
target	string	O destino do erro.

ConfigurationStatus

O status de configuração do grupo de computadores ou computador ou regra

Nome	Tipo	Description
Configured	string
Failed	string
InProgress	string
NoStatus	string
NotConfigured	string

EnforcementMode

O modo de imposição/proteção da política de controle de aplicativo do grupo de computadores

Nome	Tipo	Description
Audit	string
Enforce	string
None	string

EnforcementSupport

A capacidade de suporte do computador do recurso Impor

Nome	Tipo	Description
NotSupported	string
Supported	string
Unknown	string

ErrorAdditionalInfo

As informações adicionais do erro de gerenciamento de recursos.

Nome	Tipo	Description
info	object	As informações adicionais.
type	string	O tipo de informação adicional.

FileType

O tipo do arquivo (para arquivos Linux – Executável é usado)

Nome	Tipo	Description
Dll	string
Exe	string
Executable	string
Msi	string
Script	string
Unknown	string

PathRecommendation

Representa um caminho que é recomendado para ser permitido e suas propriedades

Nome	Tipo	Description
action	RecommendationAction	A ação de recomendação do computador ou da regra
common	boolean	Se o aplicativo é normalmente executado no computador
configurationStatus	ConfigurationStatus	O status de configuração do grupo de computadores ou computador ou regra
fileType	FileType	O tipo do arquivo (para arquivos Linux – Executável é usado)
path	string	O caminho completo do arquivo ou um identificador do aplicativo
publisherInfo	PublisherInfo	Representa as informações do editor de um processo/regra
type	RecommendationType	O tipo da regra a ser permitida
userSids	string[]	Um identificador de segurança
usernames	UserRecommendation[]	Representa um usuário que é recomendado para ser permitido para uma determinada regra

ProtectionMode

O modo de proteção dos tipos de coleção/arquivo. Exe/Msi/Script são usados para Windows, Executável é usado para Linux.

Nome	Tipo	Description
exe	EnforcementMode	O modo de imposição/proteção da política de controle de aplicativo do grupo de computadores
executable	EnforcementMode	O modo de imposição/proteção da política de controle de aplicativo do grupo de computadores
msi	EnforcementMode	O modo de imposição/proteção da política de controle de aplicativo do grupo de computadores
script	EnforcementMode	O modo de imposição/proteção da política de controle de aplicativo do grupo de computadores

PublisherInfo

Representa as informações do editor de um processo/regra

Nome	Tipo	Description
binaryName	string	O campo "OriginalName" extraído do recurso de versão do arquivo
productName	string	O nome do produto extraído do recurso de versão do arquivo
publisherName	string	O campo Assunto do certificado x.509 usado para assinar o código, usando os seguintes campos - O = Organização, L = Localidade, S = Estado ou Província e C = País
version	string	A versão do arquivo binário obtida do recurso de versão do arquivo

RecommendationAction

A ação de recomendação do computador ou da regra

Nome	Tipo	Description
Add	string
Recommended	string
Remove	string

RecommendationStatus

A recomendação inicial status do grupo de computadores ou do computador

Nome	Tipo	Description
NoStatus	string
NotAvailable	string
NotRecommended	string
Recommended	string

RecommendationType

O tipo da regra a ser permitida

Nome	Tipo	Description
BinarySignature	string
File	string
FileHash	string
ProductSignature	string
PublisherSignature	string
VersionAndAboveSignature	string

SourceSystem

O tipo de origem do grupo de computadores

Nome	Tipo	Description
Azure_AppLocker	string
Azure_AuditD	string
NonAzure_AppLocker	string
NonAzure_AuditD	string
None	string

UserRecommendation

Representa um usuário que é recomendado para ser permitido para uma determinada regra

Nome	Tipo	Description
recommendationAction	RecommendationAction	A ação de recomendação do computador ou da regra
username	string	Representa um usuário que é recomendado para ser permitido para uma determinada regra

VmRecommendation

Representa um computador que faz parte de um grupo de computadores

Nome	Tipo	Description
configurationStatus	ConfigurationStatus	O status de configuração do grupo de computadores ou computador ou regra
enforcementSupport	EnforcementSupport	A capacidade de suporte do computador do recurso Impor
recommendationAction	RecommendationAction	A ação de recomendação do computador ou da regra
resourceId	string	A ID de recurso completa do computador