Creates or updates a security automation. If a security automation is already created and a subsequent request is issued for the same automation ID, it is updated.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/automations/{automationName}?api-version=2019-01-01-preview
URI Parameters

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| automationName | path | True | string | The name of the security automation. |
| resourceGroupName | path | True | string | The name of the resource group within the user's subscription. The name is case-sensitive. Regex pattern: `^[-\w\._\(\)]+$` |
| subscriptionId | path | True | string | Azure subscription ID. Regex pattern: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$` |
| api-version | query | True | string | API version for the operation. |
Request Body

| Name | Type | Description |
|---|---|---|
| etag | string | The entity tag is used to compare two or more entities of the same requested resource. |
| kind | string | Kind of the resource. |
| location | string | Location where the resource is stored. |
| properties.actions | AutomationAction[] | A collection of the actions that are triggered if all the configured rule evaluations, within at least one rule set, are true. |
| properties.description | string | The description of the security automation. |
| properties.isEnabled | boolean | Indicates whether the security automation is enabled. |
| properties.scopes | AutomationScope[] | A collection of scopes on which the security automation logic is applied. Supported scopes are the subscription itself or a resource group within that subscription. The automation is applied only on the defined scopes. |
| properties.sources | AutomationSource[] | A collection of the source event types that evaluate the security automation rule set. |
| tags | object | A list of key-value pairs that describe the resource. |
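The trigger condition in the properties.actions description (all rules true within at least one rule set) and the scope constraint in properties.scopes can be checked locally before the PUT is sent. The following is an added example, not part of the original reference or of the Azure SDKs; the function names, the dotted-path reading of propertyJPath, exact string matching and the cross-subscription finding are assumptions, and the body and events are constructed from this page's request samples.

```javascript
// Patterns copied from the URI Parameters table on this page.
const RESOURCE_GROUP_RE = /^[-\w\._\(\)]+$/;
const SUBSCRIPTION_RE = /^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$/;

// Assumption: propertyJPath is read as a plain dotted path.
function readPath(obj, path) {
  return path.split(".").reduce((v, key) => (v == null ? undefined : v[key]), obj);
}

// Only the operator and property type shown on this page are modelled;
// anything else is rejected rather than guessed at.
function ruleMatches(rule, event) {
  if (rule.operator !== "Equals" || rule.propertyType !== "String") {
    throw new Error(`not modelled: ${rule.operator}/${rule.propertyType}`);
  }
  // Assumption: exact, case-sensitive string comparison.
  return readPath(event, rule.propertyJPath) === rule.expectedValue;
}

// A source matches when all rules of at least one rule set are true.
// A source without rule sets matches every event of its type, as in the
// "all assessments (including all severities)" sample.
function sourceTriggers(source, eventSource, event) {
  if (source.eventSource !== eventSource) return false;
  const ruleSets = source.ruleSets || [];
  if (ruleSets.length === 0) return true;
  return ruleSets.some((set) => (set.rules || []).every((r) => ruleMatches(r, event)));
}

// Would this automation body fire its actions for the given event?
function automationTriggers(body, eventSource, event) {
  const props = body.properties || {};
  if (!props.isEnabled) return false;
  return (props.sources || []).some((s) => sourceTriggers(s, eventSource, event));
}

function subscriptionOf(resourceId) {
  const m = /^\/subscriptions\/([^/]+)/i.exec(resourceId || "");
  return m ? m[1].toLowerCase() : null;
}

// Pre-flight review of a PUT body. Returns a list of findings (empty = clean).
function checkAutomation(subscriptionId, resourceGroupName, body) {
  const findings = [];
  const sub = String(subscriptionId).toLowerCase();
  if (!SUBSCRIPTION_RE.test(subscriptionId)) {
    findings.push("subscriptionId does not match the documented pattern");
  }
  if (!RESOURCE_GROUP_RE.test(resourceGroupName)) {
    findings.push("resourceGroupName does not match the documented pattern");
  }
  const props = body.properties || {};
  for (const scope of props.scopes || []) {
    // Supported scopes: the subscription itself or a resource group within it.
    const m = /^\/subscriptions\/([^/]+)(?:\/resourceGroups\/([^/]+))?$/i.exec(scope.scopePath || "");
    const ok = m && m[1].toLowerCase() === sub && (!m[2] || RESOURCE_GROUP_RE.test(m[2]));
    if (!ok) {
      findings.push(`scopePath is not this subscription or one of its resource groups: ${scope.scopePath}`);
    }
  }
  for (const action of props.actions || []) {
    // Assumed review policy: surface actions that send events to another subscription.
    if (action.actionType === "LogicApp" && subscriptionOf(action.logicAppResourceId) !== sub) {
      findings.push(`LogicApp action targets another subscription: ${action.logicAppResourceId}`);
    }
  }
  return findings;
}

// Constructed from this page's "high severity assessments" request sample.
const SUB = "a5caac9c-5c04-49af-b3d0-e204f40345d5";
const HIGH_SEVERITY_BODY = {
  location: "Central US",
  properties: {
    isEnabled: true,
    scopes: [{ scopePath: `/subscriptions/${SUB}/resourceGroups/myResourceGroup` }],
    sources: [{
      eventSource: "Assessments",
      ruleSets: [{ rules: [{
        propertyJPath: "properties.metadata.severity",
        propertyType: "String",
        expectedValue: "High",
        operator: "Equals",
      }] }],
    }],
    actions: [{
      actionType: "LogicApp",
      logicAppResourceId: "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
      uri: "https://exampleTriggerUri1.com",
    }],
  },
};
// Constructed assessment events carrying only the property the rule reads.
const HIGH_EVENT = { properties: { metadata: { severity: "High" } } };
const MEDIUM_EVENT = { properties: { metadata: { severity: "Medium" } } };

console.log("fires on High:", automationTriggers(HIGH_SEVERITY_BODY, "Assessments", HIGH_EVENT));
console.log("fires on Medium:", automationTriggers(HIGH_SEVERITY_BODY, "Assessments", MEDIUM_EVENT));
console.log("findings:", checkAutomation(SUB, "exampleResourceGroup", HIGH_SEVERITY_BODY));
```

Run against the page's own sample, the check reports one finding: the Logic App lives in a different subscription from the automation and its scope.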
Responses

| Name | Type | Description |
|---|---|---|
| 200 OK | Automation | OK |
| 201 Created | Automation | Created |
| Other Status Codes | CloudError | Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 flow
Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize
Scopes

| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |

Examples
Create or update a security automation for all assessments (including all severities)
Sample Request
PUT https://management.azure.com/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation?api-version=2019-01-01-preview
{
"location": "Central US",
"etag": "etag value (must be supplied for update)",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
"isEnabled": true,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments"
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp",
"uri": "https://exampleTriggerUri1.com"
}
]
}
}
import com.azure.resourcemanager.security.models.AutomationActionLogicApp;
import com.azure.resourcemanager.security.models.AutomationScope;
import com.azure.resourcemanager.security.models.AutomationSource;
import com.azure.resourcemanager.security.models.EventSource;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/** Samples for Automations CreateOrUpdate. */
public final class Main {
/*
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json
*/
/**
* Sample code: Create or update a security automation for all assessments (including all severities).
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateASecurityAutomationForAllAssessmentsIncludingAllSeverities(
com.azure.resourcemanager.security.SecurityManager manager) {
manager
.automations()
.define("exampleAutomation")
.withRegion("Central US")
.withExistingResourceGroup("exampleResourceGroup")
.withTags(mapOf())
.withDescription(
"An example of a security automation that triggers one LogicApp resource (myTest1) on any security"
+ " assessment")
.withIsEnabled(true)
.withScopes(
Arrays
.asList(
new AutomationScope()
.withDescription(
"A description that helps to identify this scope - for example: security assessments"
+ " that relate to the resource group myResourceGroup within the subscription"
+ " a5caac9c-5c04-49af-b3d0-e204f40345d5")
.withScopePath(
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup")))
.withSources(Arrays.asList(new AutomationSource().withEventSource(EventSource.ASSESSMENTS)))
.withActions(
Arrays
.asList(
new AutomationActionLogicApp()
.withLogicAppResourceId(
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1")
.withUri("https://exampleTriggerUri1.com")))
.create();
}
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e716082ac474f182e2220e4f38f1d6191e7636cf/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json
func ExampleAutomationsClient_CreateOrUpdate_createOrUpdateASecurityAutomationForAllAssessmentsIncludingAllSeverities() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAutomationsClient().CreateOrUpdate(ctx, "exampleResourceGroup", "exampleAutomation", armsecurity.Automation{
Location: to.Ptr("Central US"),
Etag: to.Ptr("etag value (must be supplied for update)"),
Tags: map[string]*string{},
Properties: &armsecurity.AutomationProperties{
Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment"),
Actions: []armsecurity.AutomationActionClassification{
&armsecurity.AutomationActionLogicApp{
ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
URI: to.Ptr("https://exampleTriggerUri1.com"),
}},
IsEnabled: to.Ptr(true),
Scopes: []*armsecurity.AutomationScope{
{
Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
}},
Sources: []*armsecurity.AutomationSource{
{
EventSource: to.Ptr(armsecurity.EventSourceAssessments),
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Automation = armsecurity.Automation{
// Location: to.Ptr("Central US"),
// Etag: to.Ptr("new etag value"),
// Name: to.Ptr("exampleAutomation"),
// Type: to.Ptr("Microsoft.Security/automations"),
// ID: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation"),
// Tags: map[string]*string{
// },
// Properties: &armsecurity.AutomationProperties{
// Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment"),
// Actions: []armsecurity.AutomationActionClassification{
// &armsecurity.AutomationActionLogicApp{
// ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
// LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
// }},
// IsEnabled: to.Ptr(true),
// Scopes: []*armsecurity.AutomationScope{
// {
// Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
// ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
// }},
// Sources: []*armsecurity.AutomationSource{
// {
// EventSource: to.Ptr(armsecurity.EventSourceAssessments),
// RuleSets: []*armsecurity.AutomationRuleSet{
// },
// }},
// },
// }
}
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
*
* @summary Creates or updates a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json
*/
async function createOrUpdateASecurityAutomationForAllAssessmentsIncludingAllSeverities() {
const subscriptionId =
process.env["SECURITY_SUBSCRIPTION_ID"] || "a5caac9c-5c04-49af-b3d0-e204f40345d5";
const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "exampleResourceGroup";
const automationName = "exampleAutomation";
const automation = {
description:
"An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
actions: [
{
actionType: "LogicApp",
logicAppResourceId:
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
uri: "https://exampleTriggerUri1.com",
},
],
etag: "etag value (must be supplied for update)",
isEnabled: true,
location: "Central US",
scopes: [
{
description:
"A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
scopePath:
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
},
],
sources: [{ eventSource: "Assessments" }],
tags: {},
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential, subscriptionId);
const result = await client.automations.createOrUpdate(
resourceGroupName,
automationName,
automation
);
console.log(result);
}
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationAllAssessments_example.json
// this example is just showing the usage of "Automations_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this SecurityAutomationResource created on azure
// for more information of creating SecurityAutomationResource, please refer to the document of SecurityAutomationResource
string subscriptionId = "a5caac9c-5c04-49af-b3d0-e204f40345d5";
string resourceGroupName = "exampleResourceGroup";
string automationName = "exampleAutomation";
ResourceIdentifier securityAutomationResourceId = SecurityAutomationResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, automationName);
SecurityAutomationResource securityAutomation = client.GetSecurityAutomationResource(securityAutomationResourceId);
// invoke the operation
SecurityAutomationData data = new SecurityAutomationData(new AzureLocation("Central US"))
{
Description = "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
IsEnabled = true,
Scopes =
{
new SecurityAutomationScope()
{
Description = "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
ScopePath = "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
}
},
Sources =
{
new SecurityAutomationSource()
{
EventSource = SecurityEventSource.Assessments,
}
},
Actions =
{
new SecurityAutomationActionLogicApp()
{
LogicAppResourceId = new ResourceIdentifier("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
Uri = new Uri("https://exampleTriggerUri1.com"),
}
},
ETag = new ETag("etag value (must be supplied for update)"),
Tags =
{
},
};
ArmOperation<SecurityAutomationResource> lro = await securityAutomation.UpdateAsync(WaitUntil.Completed, data);
SecurityAutomationResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityAutomationData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
Sample Response
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/automations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
"isEnabled": true,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": []
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/SecurityAutomations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/SecurityAutomations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment",
"isEnabled": true,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": []
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
Create or update a security automation for all high severity assessments
Sample Request
PUT https://management.azure.com/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation?api-version=2019-01-01-preview
{
"location": "Central US",
"etag": "etag value (must be supplied for update)",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
"isEnabled": true,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "properties.metadata.severity",
"propertyType": "String",
"expectedValue": "High",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp",
"uri": "https://exampleTriggerUri1.com"
}
]
}
}
import com.azure.resourcemanager.security.models.AutomationActionLogicApp;
import com.azure.resourcemanager.security.models.AutomationRuleSet;
import com.azure.resourcemanager.security.models.AutomationScope;
import com.azure.resourcemanager.security.models.AutomationSource;
import com.azure.resourcemanager.security.models.AutomationTriggeringRule;
import com.azure.resourcemanager.security.models.EventSource;
import com.azure.resourcemanager.security.models.Operator;
import com.azure.resourcemanager.security.models.PropertyType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/** Samples for Automations CreateOrUpdate. */
public final class Main {
/*
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json
*/
/**
* Sample code: Create or update a security automation for all high severity assessments.
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateASecurityAutomationForAllHighSeverityAssessments(
com.azure.resourcemanager.security.SecurityManager manager) {
manager
.automations()
.define("exampleAutomation")
.withRegion("Central US")
.withExistingResourceGroup("exampleResourceGroup")
.withTags(mapOf())
.withDescription(
"An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity"
+ " security assessment")
.withIsEnabled(true)
.withScopes(
Arrays
.asList(
new AutomationScope()
.withDescription(
"A description that helps to identify this scope - for example: security assessments"
+ " that relate to the resource group myResourceGroup within the subscription"
+ " a5caac9c-5c04-49af-b3d0-e204f40345d5")
.withScopePath(
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup")))
.withSources(
Arrays
.asList(
new AutomationSource()
.withEventSource(EventSource.ASSESSMENTS)
.withRuleSets(
Arrays
.asList(
new AutomationRuleSet()
.withRules(
Arrays
.asList(
new AutomationTriggeringRule()
.withPropertyJPath("properties.metadata.severity")
.withPropertyType(PropertyType.STRING)
.withExpectedValue("High")
.withOperator(Operator.EQUALS)))))))
.withActions(
Arrays
.asList(
new AutomationActionLogicApp()
.withLogicAppResourceId(
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1")
.withUri("https://exampleTriggerUri1.com")))
.create();
}
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e716082ac474f182e2220e4f38f1d6191e7636cf/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json
func ExampleAutomationsClient_CreateOrUpdate_createOrUpdateASecurityAutomationForAllHighSeverityAssessments() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAutomationsClient().CreateOrUpdate(ctx, "exampleResourceGroup", "exampleAutomation", armsecurity.Automation{
Location: to.Ptr("Central US"),
Etag: to.Ptr("etag value (must be supplied for update)"),
Tags: map[string]*string{},
Properties: &armsecurity.AutomationProperties{
Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment"),
Actions: []armsecurity.AutomationActionClassification{
&armsecurity.AutomationActionLogicApp{
ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
URI: to.Ptr("https://exampleTriggerUri1.com"),
}},
IsEnabled: to.Ptr(true),
Scopes: []*armsecurity.AutomationScope{
{
Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
}},
Sources: []*armsecurity.AutomationSource{
{
EventSource: to.Ptr(armsecurity.EventSourceAssessments),
RuleSets: []*armsecurity.AutomationRuleSet{
{
Rules: []*armsecurity.AutomationTriggeringRule{
{
ExpectedValue: to.Ptr("High"),
Operator: to.Ptr(armsecurity.OperatorEquals),
PropertyJPath: to.Ptr("properties.metadata.severity"),
PropertyType: to.Ptr(armsecurity.PropertyTypeString),
}},
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Automation = armsecurity.Automation{
// Location: to.Ptr("Central US"),
// Etag: to.Ptr("new etag value"),
// Name: to.Ptr("exampleAutomation"),
// Type: to.Ptr("Microsoft.Security/automations"),
// ID: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation"),
// Tags: map[string]*string{
// },
// Properties: &armsecurity.AutomationProperties{
// Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment"),
// Actions: []armsecurity.AutomationActionClassification{
// &armsecurity.AutomationActionLogicApp{
// ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
// LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
// }},
// IsEnabled: to.Ptr(true),
// Scopes: []*armsecurity.AutomationScope{
// {
// Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
// ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
// }},
// Sources: []*armsecurity.AutomationSource{
// {
// EventSource: to.Ptr(armsecurity.EventSourceAssessments),
// RuleSets: []*armsecurity.AutomationRuleSet{
// {
// Rules: []*armsecurity.AutomationTriggeringRule{
// {
// ExpectedValue: to.Ptr("High"),
// Operator: to.Ptr(armsecurity.OperatorEquals),
// PropertyJPath: to.Ptr("properties.metadata.severity"),
// PropertyType: to.Ptr(armsecurity.PropertyTypeString),
// }},
// }},
// }},
// },
// }
}
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
*
* @summary Creates or updates a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json
*/
async function createOrUpdateASecurityAutomationForAllHighSeverityAssessments() {
const subscriptionId =
process.env["SECURITY_SUBSCRIPTION_ID"] || "a5caac9c-5c04-49af-b3d0-e204f40345d5";
const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "exampleResourceGroup";
const automationName = "exampleAutomation";
const automation = {
description:
"An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
actions: [
{
actionType: "LogicApp",
logicAppResourceId:
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
uri: "https://exampleTriggerUri1.com",
},
],
etag: "etag value (must be supplied for update)",
isEnabled: true,
location: "Central US",
scopes: [
{
description:
"A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
scopePath:
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
},
],
sources: [
{
eventSource: "Assessments",
ruleSets: [
{
rules: [
{
expectedValue: "High",
operator: "Equals",
propertyJPath: "properties.metadata.severity",
propertyType: "String",
},
],
},
],
},
],
tags: {},
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential, subscriptionId);
const result = await client.automations.createOrUpdate(
resourceGroupName,
automationName,
automation
);
console.log(result);
}
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutAutomationHighSeverityAssessments_example.json
// this example is just showing the usage of "Automations_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this SecurityAutomationResource created on azure
// for more information of creating SecurityAutomationResource, please refer to the document of SecurityAutomationResource
string subscriptionId = "a5caac9c-5c04-49af-b3d0-e204f40345d5";
string resourceGroupName = "exampleResourceGroup";
string automationName = "exampleAutomation";
ResourceIdentifier securityAutomationResourceId = SecurityAutomationResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, automationName);
SecurityAutomationResource securityAutomation = client.GetSecurityAutomationResource(securityAutomationResourceId);
// invoke the operation
SecurityAutomationData data = new SecurityAutomationData(new AzureLocation("Central US"))
{
Description = "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
IsEnabled = true,
Scopes =
{
new SecurityAutomationScope()
{
Description = "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
ScopePath = "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
}
},
Sources =
{
new SecurityAutomationSource()
{
EventSource = SecurityEventSource.Assessments,
RuleSets =
{
new SecurityAutomationRuleSet()
{
Rules =
{
new SecurityAutomationTriggeringRule()
{
PropertyJPath = "properties.metadata.severity",
PropertyType = AutomationTriggeringRulePropertyType.String,
ExpectedValue = "High",
Operator = AutomationTriggeringRuleOperator.EqualsValue,
}
},
}
},
}
},
Actions =
{
new SecurityAutomationActionLogicApp()
{
LogicAppResourceId = new ResourceIdentifier("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
Uri = new Uri("https://exampleTriggerUri1.com"),
}
},
ETag = new ETag("etag value (must be supplied for update)"),
Tags =
{
},
};
ArmOperation<SecurityAutomationResource> lro = await securityAutomation.UpdateAsync(WaitUntil.Completed, data);
SecurityAutomationResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityAutomationData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
Sample Response
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/automations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
"isEnabled": true,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "properties.metadata.severity",
"propertyType": "String",
"expectedValue": "High",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/SecurityAutomations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/SecurityAutomations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any high severity security assessment",
"isEnabled": true,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "properties.metadata.severity",
"propertyType": "String",
"expectedValue": "High",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
Disable or enable a security automation
Sample Request
PUT https://management.azure.com/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation?api-version=2019-01-01-preview
{
"location": "Central US",
"etag": "etag value (must be supplied for update)",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
"isEnabled": false,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "$.Entity.AssessmentType",
"propertyType": "String",
"expectedValue": "customAssessment",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp",
"uri": "https://exampleTriggerUri1.com"
}
]
}
}
import com.azure.resourcemanager.security.models.AutomationActionLogicApp;
import com.azure.resourcemanager.security.models.AutomationRuleSet;
import com.azure.resourcemanager.security.models.AutomationScope;
import com.azure.resourcemanager.security.models.AutomationSource;
import com.azure.resourcemanager.security.models.AutomationTriggeringRule;
import com.azure.resourcemanager.security.models.EventSource;
import com.azure.resourcemanager.security.models.Operator;
import com.azure.resourcemanager.security.models.PropertyType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/** Samples for Automations CreateOrUpdate. */
public final class Main {
/*
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutDisableAutomation_example.json
*/
/**
* Sample code: Disable or enable a security automation.
*
* @param manager Entry point to SecurityManager.
*/
public static void disableOrEnableASecurityAutomation(com.azure.resourcemanager.security.SecurityManager manager) {
manager
.automations()
.define("exampleAutomation")
.withRegion("Central US")
.withExistingResourceGroup("exampleResourceGroup")
.withTags(mapOf())
.withDescription(
"An example of a security automation that triggers one LogicApp resource (myTest1) on any security"
+ " assessment of type customAssessment")
.withIsEnabled(false)
.withScopes(
Arrays
.asList(
new AutomationScope()
.withDescription(
"A description that helps to identify this scope - for example: security assessments"
+ " that relate to the resource group myResourceGroup within the subscription"
+ " a5caac9c-5c04-49af-b3d0-e204f40345d5")
.withScopePath(
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup")))
.withSources(
Arrays
.asList(
new AutomationSource()
.withEventSource(EventSource.ASSESSMENTS)
.withRuleSets(
Arrays
.asList(
new AutomationRuleSet()
.withRules(
Arrays
.asList(
new AutomationTriggeringRule()
.withPropertyJPath("$.Entity.AssessmentType")
.withPropertyType(PropertyType.STRING)
.withExpectedValue("customAssessment")
.withOperator(Operator.EQUALS)))))))
.withActions(
Arrays
.asList(
new AutomationActionLogicApp()
.withLogicAppResourceId(
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1")
.withUri("https://exampleTriggerUri1.com")))
.create();
}
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/e716082ac474f182e2220e4f38f1d6191e7636cf/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutDisableAutomation_example.json
func ExampleAutomationsClient_CreateOrUpdate_disableOrEnableASecurityAutomation() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewAutomationsClient().CreateOrUpdate(ctx, "exampleResourceGroup", "exampleAutomation", armsecurity.Automation{
Location: to.Ptr("Central US"),
Etag: to.Ptr("etag value (must be supplied for update)"),
Tags: map[string]*string{},
Properties: &armsecurity.AutomationProperties{
Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment"),
Actions: []armsecurity.AutomationActionClassification{
&armsecurity.AutomationActionLogicApp{
ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
URI: to.Ptr("https://exampleTriggerUri1.com"),
}},
IsEnabled: to.Ptr(false),
Scopes: []*armsecurity.AutomationScope{
{
Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
}},
Sources: []*armsecurity.AutomationSource{
{
EventSource: to.Ptr(armsecurity.EventSourceAssessments),
RuleSets: []*armsecurity.AutomationRuleSet{
{
Rules: []*armsecurity.AutomationTriggeringRule{
{
ExpectedValue: to.Ptr("customAssessment"),
Operator: to.Ptr(armsecurity.OperatorEquals),
PropertyJPath: to.Ptr("$.Entity.AssessmentType"),
PropertyType: to.Ptr(armsecurity.PropertyTypeString),
}},
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Automation = armsecurity.Automation{
// Location: to.Ptr("Central US"),
// Etag: to.Ptr("new etag value"),
// Name: to.Ptr("exampleAutomation"),
// Type: to.Ptr("Microsoft.Security/automations"),
// ID: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation"),
// Tags: map[string]*string{
// },
// Properties: &armsecurity.AutomationProperties{
// Description: to.Ptr("An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment"),
// Actions: []armsecurity.AutomationActionClassification{
// &armsecurity.AutomationActionLogicApp{
// ActionType: to.Ptr(armsecurity.ActionTypeLogicApp),
// LogicAppResourceID: to.Ptr("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
// }},
// IsEnabled: to.Ptr(false),
// Scopes: []*armsecurity.AutomationScope{
// {
// Description: to.Ptr("A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5"),
// ScopePath: to.Ptr("/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"),
// }},
// Sources: []*armsecurity.AutomationSource{
// {
// EventSource: to.Ptr(armsecurity.EventSourceAssessments),
// RuleSets: []*armsecurity.AutomationRuleSet{
// {
// Rules: []*armsecurity.AutomationTriggeringRule{
// {
// ExpectedValue: to.Ptr("customAssessment"),
// Operator: to.Ptr(armsecurity.OperatorEquals),
// PropertyJPath: to.Ptr("$.Entity.AssessmentType"),
// PropertyType: to.Ptr(armsecurity.PropertyTypeString),
// }},
// }},
// }},
// },
// }
}
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
*
* @summary Creates or updates a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutDisableAutomation_example.json
*/
async function disableOrEnableASecurityAutomation() {
const subscriptionId =
process.env["SECURITY_SUBSCRIPTION_ID"] || "a5caac9c-5c04-49af-b3d0-e204f40345d5";
const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "exampleResourceGroup";
const automationName = "exampleAutomation";
const automation = {
description:
"An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
actions: [
{
actionType: "LogicApp",
logicAppResourceId:
"/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
uri: "https://exampleTriggerUri1.com",
},
],
etag: "etag value (must be supplied for update)",
isEnabled: false,
location: "Central US",
scopes: [
{
description:
"A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
scopePath:
"/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
},
],
sources: [
{
eventSource: "Assessments",
ruleSets: [
{
rules: [
{
expectedValue: "customAssessment",
operator: "Equals",
propertyJPath: "$.Entity.AssessmentType",
propertyType: "String",
},
],
},
],
},
],
tags: {},
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential, subscriptionId);
const result = await client.automations.createOrUpdate(
resourceGroupName,
automationName,
automation
);
console.log(result);
}
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/Automations/PutDisableAutomation_example.json
// this example is just showing the usage of "Automations_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this SecurityAutomationResource created on azure
// for more information of creating SecurityAutomationResource, please refer to the document of SecurityAutomationResource
string subscriptionId = "a5caac9c-5c04-49af-b3d0-e204f40345d5";
string resourceGroupName = "exampleResourceGroup";
string automationName = "exampleAutomation";
ResourceIdentifier securityAutomationResourceId = SecurityAutomationResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, automationName);
SecurityAutomationResource securityAutomation = client.GetSecurityAutomationResource(securityAutomationResourceId);
// invoke the operation
SecurityAutomationData data = new SecurityAutomationData(new AzureLocation("Central US"))
{
Description = "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
IsEnabled = false,
Scopes =
{
new SecurityAutomationScope()
{
Description = "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
ScopePath = "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup",
}
},
Sources =
{
new SecurityAutomationSource()
{
EventSource = SecurityEventSource.Assessments,
RuleSets =
{
new SecurityAutomationRuleSet()
{
Rules =
{
new SecurityAutomationTriggeringRule()
{
PropertyJPath = "$.Entity.AssessmentType",
PropertyType = AutomationTriggeringRulePropertyType.String,
ExpectedValue = "customAssessment",
Operator = AutomationTriggeringRuleOperator.EqualsValue,
}
},
}
},
}
},
Actions =
{
new SecurityAutomationActionLogicApp()
{
LogicAppResourceId = new ResourceIdentifier("/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1"),
Uri = new Uri("https://exampleTriggerUri1.com"),
}
},
ETag = new ETag("etag value (must be supplied for update)"),
Tags =
{
},
};
ArmOperation<SecurityAutomationResource> lro = await securityAutomation.UpdateAsync(WaitUntil.Completed, data);
SecurityAutomationResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityAutomationData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
Sample Response
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/automations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/automations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
"isEnabled": false,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "$.Entity.AssessmentType",
"propertyType": "String",
"expectedValue": "customAssessment",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
{
"id": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/exampleResourceGroup/providers/Microsoft.Security/SecurityAutomations/exampleAutomation",
"name": "exampleAutomation",
"type": "Microsoft.Security/SecurityAutomations",
"location": "Central US",
"etag": "new etag value",
"tags": {},
"properties": {
"description": "An example of a security automation that triggers one LogicApp resource (myTest1) on any security assessment of type customAssessment",
"isEnabled": false,
"scopes": [
{
"description": "A description that helps to identify this scope - for example: security assessments that relate to the resource group myResourceGroup within the subscription a5caac9c-5c04-49af-b3d0-e204f40345d5",
"scopePath": "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup"
}
],
"sources": [
{
"eventSource": "Assessments",
"ruleSets": [
{
"rules": [
{
"propertyJPath": "$.Entity.AssessmentType",
"propertyType": "String",
"expectedValue": "customAssessment",
"operator": "Equals"
}
]
}
]
}
],
"actions": [
{
"logicAppResourceId": "/subscriptions/e54a4a18-5b94-4f90-9471-bd3decad8a2e/resourceGroups/sample/providers/Microsoft.Logic/workflows/MyTest1",
"actionType": "LogicApp"
}
]
}
}
Definitions
| Name | Description |
| --- | --- |
| Automation | The security automation resource. |
| AutomationActionEventHub | The target Event Hub to which event data will be exported. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore |
| AutomationActionLogicApp | The logic app action that should be triggered. To learn more about Microsoft Defender for Cloud's Workflow Automation capabilities, visit https://aka.ms/ASCWorkflowAutomationLearnMore |
| AutomationActionWorkspace | The Log Analytics Workspace to which event data will be exported. Security alerts data will reside in the 'SecurityAlert' table and the assessments data will reside in the 'SecurityRecommendation' table (under the 'Security'/'SecurityCenterFree' solutions). Note that in order to view the data in the workspace, the Security Center Log Analytics free/standard solution needs to be enabled on that workspace. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore |
| AutomationRuleSet | A rule set that evaluates all its rules upon an event interception. Only when all the rules included in the rule set evaluate to 'true' does the event trigger the defined actions. |
| AutomationScope | A single automation scope. |
| AutomationSource | The source event types that evaluate the security automation set of rules. For example: security alerts and security assessments. To learn more about the supported security events data model schemas, visit https://aka.ms/ASCAutomationSchemas. |
| AutomationTriggeringRule | A rule that is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. This comparison is done by using one of the supported operators. |
| CloudError | Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.) |
| CloudErrorBody | The error detail. |
| ErrorAdditionalInfo | The resource management error additional info. |
| EventSource | A valid event source type. |
| Operator | A valid comparer operator to use. A case-insensitive comparison will be applied for String PropertyType. |
| PropertyType | The data type of the compared operands (string, integer, floating point number or a boolean [true/false]) |
Automation
The security automation resource.
| Name | Type | Description |
| --- | --- | --- |
| etag | string | The entity tag is used for comparing two or more entities from the same requested resource. |
| id | string | Resource ID |
| kind | string | Kind of the resource |
| location | string | Location where the resource is stored |
| name | string | Resource name |
| properties.actions | AutomationAction[] | A collection of the actions that are triggered if all the configured rule evaluations, within at least one rule set, are true. |
| properties.description | string | The security automation description. |
| properties.isEnabled | boolean | Indicates whether the security automation is enabled. |
| properties.scopes | AutomationScope[] | A collection of scopes on which the security automation logic is applied. Supported scopes are the subscription itself or a resource group under that subscription. The automation will only apply on defined scopes. |
| properties.sources | AutomationSource[] | A collection of the source event types that evaluate the security automation set of rules. |
| tags | object | A list of key-value pairs that describe the resource. |
| type | string | Resource type |
AutomationActionEventHub
The target Event Hub to which event data will be exported. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore
| Name | Type | Description |
| --- | --- | --- |
| actionType | string: EventHub | The type of the action that will be triggered by the Automation |
| connectionString | string | The target Event Hub connection string (it will not be included in any response). |
| eventHubResourceId | string | The target Event Hub Azure Resource ID. |
| sasPolicyName | string | The target Event Hub SAS policy name. |
AutomationActionLogicApp
The logic app action that should be triggered. To learn more about Microsoft Defender for Cloud's Workflow Automation capabilities, visit https://aka.ms/ASCWorkflowAutomationLearnMore
| Name | Type | Description |
| --- | --- | --- |
| actionType | string: LogicApp | The type of the action that will be triggered by the Automation |
| logicAppResourceId | string | The triggered Logic App Azure Resource ID. This can also reside in other subscriptions, given that you have permissions to trigger the Logic App |
| uri | string | The Logic App trigger URI endpoint (it will not be included in any response). |
AutomationActionWorkspace
The Log Analytics Workspace to which event data will be exported. Security alerts data will reside in the 'SecurityAlert' table and the assessments data will reside in the 'SecurityRecommendation' table (under the 'Security'/'SecurityCenterFree' solutions). Note that in order to view the data in the workspace, the Security Center Log Analytics free/standard solution needs to be enabled on that workspace. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore
| Name | Type | Description |
| --- | --- | --- |
| actionType | string: Workspace | The type of the action that will be triggered by the Automation |
| workspaceResourceId | string | The fully qualified Log Analytics Workspace Azure Resource ID. |
AutomationRuleSet
A rule set that evaluates all its rules upon an event interception. Only when all the rules included in the rule set evaluate to 'true' does the event trigger the defined actions.
| Name | Type | Description |
| --- | --- | --- |
| rules | AutomationTriggeringRule[] | A rule that is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. This comparison is done by using one of the supported operators. |
AutomationScope
A single automation scope.
| Name | Type | Description |
| --- | --- | --- |
| description | string | The resources scope description. |
| scopePath | string | The resources scope path. Can be the subscription on which the automation is defined or a resource group under that subscription (fully qualified Azure resource IDs). |
AutomationSource
The source event types that evaluate the security automation set of rules. For example: security alerts and security assessments. To learn more about the supported security events data model schemas, visit https://aka.ms/ASCAutomationSchemas.
| Name | Type | Description |
| --- | --- | --- |
| eventSource | EventSource | A valid event source type. |
| ruleSets | AutomationRuleSet[] | A set of rules that are evaluated upon event interception. A logical disjunction is applied between defined rule sets (logical 'or'). |
AutomationTriggeringRule
A rule that is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. This comparison is done by using one of the supported operators.
| Name | Type | Description |
| --- | --- | --- |
| expectedValue | string | The expected value. |
| operator | Operator | A valid comparer operator to use. A case-insensitive comparison will be applied for String PropertyType. |
| propertyJPath | string | The JPath of the entity model property that should be checked. |
| propertyType | PropertyType | The data type of the compared operands (string, integer, floating point number or a boolean [true/false]) |
CloudError
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)
| Name | Type | Description |
| --- | --- | --- |
| error.additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| error.code | string | The error code. |
| error.details | CloudErrorBody[] | The error details. |
| error.message | string | The error message. |
| error.target | string | The error target. |
CloudErrorBody
The error detail.
| Name | Type | Description |
| --- | --- | --- |
| additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| code | string | The error code. |
| details | CloudErrorBody[] | The error details. |
| message | string | The error message. |
| target | string | The error target. |
ErrorAdditionalInfo
The resource management error additional info.
| Name | Type | Description |
| --- | --- | --- |
| info | object | The additional info. |
| type | string | The additional info type. |
EventSource
A valid event source type.
| Name | Type | Description |
| --- | --- | --- |
| Alerts | string | |
| Assessments | string | |
| AssessmentsSnapshot | string | |
| RegulatoryComplianceAssessment | string | |
| RegulatoryComplianceAssessmentSnapshot | string | |
| SecureScoreControls | string | |
| SecureScoreControlsSnapshot | string | |
| SecureScores | string | |
| SecureScoresSnapshot | string | |
| SubAssessments | string | |
| SubAssessmentsSnapshot | string | |
Operator
A valid comparer operator to use. A case-insensitive comparison will be applied for String PropertyType.
| Name | Type | Description |
| --- | --- | --- |
| Contains | string | Applies only to non-decimal operands |
| EndsWith | string | Applies only to non-decimal operands |
| Equals | string | Applies to decimal and non-decimal operands |
| GreaterThan | string | Applies only to decimal operands |
| GreaterThanOrEqualTo | string | Applies only to decimal operands |
| LesserThan | string | Applies only to decimal operands |
| LesserThanOrEqualTo | string | Applies only to decimal operands |
| NotEquals | string | Applies to decimal and non-decimal operands |
| StartsWith | string | Applies only to non-decimal operands |
PropertyType
The data type of the compared operands (string, integer, floating point number or a boolean [true/false])
| Name | Type | Description |
| --- | --- | --- |
| Boolean | string | |
| Integer | string | |
| Number | string | |
| String | string | |
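The matching semantics in the AutomationRuleSet, AutomationSource, AutomationScope, Operator and PropertyType definitions above (every rule in a rule set must be true, rule sets are OR-ed, String comparison ignores case, operators are limited by operand type, only defined scopes apply) can be dry-run locally before an automation is deployed. The JavaScript below is an added example, not Microsoft's implementation and not code from this page. The dotted-path resolver, the reading of Integer/Number as "decimal", the scope prefix match and the sample events are assumptions.

```javascript
// Assumption: "decimal" operands are the Integer and Number property types.
const DECIMAL_TYPES = new Set(["Integer", "Number"]);
const KNOWN_TYPES = new Set(["Boolean", "Integer", "Number", "String"]);
const DECIMAL_ONLY = new Set(["GreaterThan", "GreaterThanOrEqualTo", "LesserThan", "LesserThanOrEqualTo"]);
const NON_DECIMAL_ONLY = new Set(["Contains", "StartsWith", "EndsWith"]);
const ANY_TYPE = new Set(["Equals", "NotEquals"]);

// Assumption: only plain dotted paths are resolved, with an optional "$." root
// as in "$.Entity.AssessmentType"; filters and array indexes are not handled.
function resolvePath(event, jpath) {
  let node = event;
  for (const part of jpath.replace(/^\$\.?/, "").split(".").filter(Boolean)) {
    if (node === null || typeof node !== "object") return undefined;
    if (!Object.prototype.hasOwnProperty.call(node, part)) return undefined;
    node = node[part];
  }
  return node;
}

// Returns null when the operator is applicable to the property type,
// otherwise a message suitable for a pre-deployment review.
function checkRule(rule) {
  if (!KNOWN_TYPES.has(rule.propertyType)) return `unknown propertyType: ${rule.propertyType}`;
  const decimal = DECIMAL_TYPES.has(rule.propertyType);
  if (ANY_TYPE.has(rule.operator)) return null;
  if (DECIMAL_ONLY.has(rule.operator)) return decimal ? null : `${rule.operator} applies only to decimal operands`;
  if (NON_DECIMAL_ONLY.has(rule.operator)) return decimal ? `${rule.operator} applies only to non-decimal operands` : null;
  return `unknown operator: ${rule.operator}`;
}

// Numbers compare numerically; String and Boolean compare as lower-cased text,
// which gives the case-insensitive behaviour documented for String.
function coerce(value, type) {
  if (!DECIMAL_TYPES.has(type)) return String(value).toLowerCase();
  if (typeof value !== "number" && (typeof value !== "string" || value.trim() === "")) return undefined;
  const n = Number(value);
  return Number.isNaN(n) || (type === "Integer" && !Number.isInteger(n)) ? undefined : n;
}

function evaluateRule(event, rule) {
  if (checkRule(rule) !== null) return false;
  const raw = resolvePath(event, rule.propertyJPath);
  if (raw === undefined || raw === null) return false; // assumption: an absent property never matches
  const actual = coerce(raw, rule.propertyType);
  const expected = coerce(rule.expectedValue, rule.propertyType);
  if (actual === undefined || expected === undefined) return false;
  switch (rule.operator) {
    case "Equals": return actual === expected;
    case "NotEquals": return actual !== expected;
    case "Contains": return actual.includes(expected);
    case "StartsWith": return actual.startsWith(expected);
    case "EndsWith": return actual.endsWith(expected);
    case "GreaterThan": return actual > expected;
    case "GreaterThanOrEqualTo": return actual >= expected;
    case "LesserThan": return actual < expected;
    default: return actual <= expected; // LesserThanOrEqualTo
  }
}

// The "/" boundary keeps ".../myResourceGroup" from matching ".../myResourceGroup2".
// Assumption: resource IDs are compared case-insensitively.
function inScope(scopes, resourceId) {
  const id = resourceId.toLowerCase();
  return scopes.some((scope) => {
    const prefix = scope.scopePath.toLowerCase().replace(/\/+$/, "");
    return id === prefix || id.startsWith(prefix + "/");
  });
}

// Rules are AND-ed inside a rule set; rule sets are OR-ed inside a source.
// Assumption: a source without rule sets is treated as non-matching here.
function automationFires(automation, eventSource, resourceId, event) {
  if (!automation.isEnabled || !inScope(automation.scopes, resourceId)) return false;
  return automation.sources.some((source) =>
    source.eventSource === eventSource &&
    (source.ruleSets || []).some((set) => set.rules.every((r) => evaluateRule(event, r))));
}

// Constructed sample: the two rules shown on this page placed in separate rule
// sets, plus a constructed numeric rule on the made-up field "properties.score".
const RG = "/subscriptions/a5caac9c-5c04-49af-b3d0-e204f40345d5/resourceGroups/myResourceGroup";
const mkRule = (propertyJPath, propertyType, operator, expectedValue) =>
  ({ propertyJPath, propertyType, operator, expectedValue });
const sampleAutomation = {
  isEnabled: true,
  scopes: [{ scopePath: RG }],
  sources: [{
    eventSource: "Assessments",
    ruleSets: [
      { rules: [mkRule("properties.metadata.severity", "String", "Equals", "High")] },
      { rules: [mkRule("$.Entity.AssessmentType", "String", "Equals", "customAssessment"),
                mkRule("properties.score", "Number", "GreaterThanOrEqualTo", "7.5")] },
    ],
  }],
};
// Constructed events; the field layout is illustrative, not a real event schema.
const highSeverity = { properties: { metadata: { severity: "HIGH" } } };
const customHigh = { Entity: { AssessmentType: "CustomAssessment" }, properties: { score: 8 } };
const customLow = { Entity: { AssessmentType: "customAssessment" }, properties: { score: 3 } };
```

Running `checkRule` over every rule of a request body before the PUT catches operator/type combinations that this simulation would never match, such as `GreaterThan` on a `String` property.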