diff --git a/schemas/2018-05-01/subscriptionDeploymentTemplate.json b/schemas/2018-05-01/subscriptionDeploymentTemplate.json index 4cb40f6622..6fd36801e3 100644 --- a/schemas/2018-05-01/subscriptionDeploymentTemplate.json +++ b/schemas/2018-05-01/subscriptionDeploymentTemplate.json @@ -1037,9 +1037,15 @@ { "$ref": "https://schema.management.azure.com/schemas/2021-01-15-preview/Microsoft.Security.json#/subscription_resourceDefinitions/ingestionSettings" }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Security.json#/subscription_resourceDefinitions/assessmentMetadata" + }, { "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Security.json#/subscription_resourceDefinitions/settings" }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Security.json#/unknown_resourceDefinitions/assessments" + }, { "$ref": "https://schema.management.azure.com/schemas/2021-07-01/Microsoft.Security.json#/subscription_resourceDefinitions/settings" }, diff --git a/schemas/2021-06-01/Microsoft.Security.json b/schemas/2021-06-01/Microsoft.Security.json index 8324cd740c..239bb0ed90 100644 --- a/schemas/2021-06-01/Microsoft.Security.json +++ b/schemas/2021-06-01/Microsoft.Security.json @@ -5,6 +5,45 @@ "description": "Microsoft Security Resource Types", "resourceDefinitions": {}, "subscription_resourceDefinitions": { + "assessmentMetadata": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01" + ] + }, + "name": { + "type": "string", + "description": "The Assessment Key - Unique key for the assessment type" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityAssessmentMetadataPropertiesResponse" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes properties of an assessment metadata response." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Security/assessmentMetadata" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Security/assessmentMetadata" + }, "settings": { "type": "object", "oneOf": [ @@ -53,6 +92,47 @@ "description": "Microsoft.Security/settings" } }, + "unknown_resourceDefinitions": { + "assessments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-06-01" + ] + }, + "name": { + "type": "string", + "description": "The Assessment Key - Unique key for the assessment type" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityAssessmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes properties of an assessment." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Security/assessments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Security/assessments" + } + }, "definitions": { "AlertSyncSettingProperties": { "type": "object", @@ -100,6 +180,59 @@ ], "description": "Represents an alert sync setting" }, + "AssessmentLinks": { + "type": "object", + "properties": {}, + "description": "Links relevant to the assessment" + }, + "AssessmentStatus": { + "type": "object", + "properties": { + "cause": { + "type": "string", + "description": "Programmatic code for the cause of the assessment status" + }, + "code": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Healthy", + "Unhealthy", + "NotApplicable" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Programmatic code for the status of the assessment." + }, + "description": { + "type": "string", + "description": "Human readable description of the assessment status" + } + }, + "required": [ + "code" + ], + "description": "The result of the assessment" + }, + "AzureResourceDetails": { + "type": "object", + "properties": { + "source": { + "type": "string", + "enum": [ + "Azure" + ] + } + }, + "required": [ + "source" + ], + "description": "Details of the Azure resource that was assessed" + }, "DataExportSettingProperties": { "type": "object", "properties": { @@ -145,6 +278,710 @@ "kind" ], "description": "Represents a data export setting" + }, + "OnPremiseResourceDetails": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/OnPremiseSqlResourceDetails" + } + ], + "properties": { + "machineName": { + "type": "string", + "description": "The name of the machine" + }, + "source": { + "type": "string", + "enum": [ + "OnPremise" + ] + }, + "sourceComputerId": { + "type": "string", + "description": "The oms agent Id installed on the machine" + }, + "vmuuid": { + "type": "string", + "description": "The unique Id of the machine" + }, + "workspaceId": { + "type": "string", + "description": "Azure resource Id of the workspace the machine is attached to" + } + }, + "required": [ + "machineName", + "source", + "sourceComputerId", + "vmuuid", + "workspaceId" + ], + "description": "Details of the On Premise resource that was assessed" + }, + "OnPremiseSqlResourceDetails": { + "type": "object", + "properties": { + "databaseName": { + "type": "string", + "description": "The Sql database name installed on the machine" + }, + "serverName": { + "type": "string", + "description": "The Sql server name installed on the machine" + }, + "source": { + "type": "string", + "enum": [ + "OnPremiseSql" + ] + } + }, + "required": [ + "databaseName", + "serverName", + "source" + ], + "description": "Details of the On Premise Sql resource that was assessed" + }, + "ResourceDetails": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/AzureResourceDetails" + }, + { + "$ref": "#/definitions/OnPremiseResourceDetails" + } + ], + "properties": {}, + "description": "Details of the resource that was assessed" + }, + "SecurityAssessmentMetadataPartnerData": { + "type": "object", + "properties": { + "partnerName": { + "type": "string", + "description": "Name of the company of the partner" + }, + "productName": { + "type": "string", + "description": "Name of the product of the partner that created the assessment" + }, + "secret": { + "type": "string", + "description": "Secret to authenticate the partner and verify it created the assessment - write only" + } + }, + "required": [ + "partnerName", + "secret" + ], + "description": "Describes the partner that created the assessment" + }, + "SecurityAssessmentMetadataProperties": { + "type": "object", + "properties": { + "assessmentType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "BuiltIn", + "CustomPolicy", + "CustomerManaged", + "VerifiedPartner" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition." + }, + "categories": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "Compute", + "Networking", + "Data", + "IdentityAndAccess", + "IoT" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "description": { + "type": "string", + "description": "Human readable description of the assessment" + }, + "displayName": { + "type": "string", + "description": "User friendly display name of the assessment" + }, + "implementationEffort": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Low", + "Moderate", + "High" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The implementation effort required to remediate this assessment." + }, + "partnerData": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityAssessmentMetadataPartnerData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes the partner that created the assessment" + }, + "preview": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "True if this assessment is in preview release status" + }, + "remediationDescription": { + "type": "string", + "description": "Human readable description of what you should do to mitigate this security issue" + }, + "severity": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Low", + "Medium", + "High" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The severity level of the assessment." + }, + "threats": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "accountBreach", + "dataExfiltration", + "dataSpillage", + "maliciousInsider", + "elevationOfPrivilege", + "threatResistance", + "missingCoverage", + "denialOfService" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "userImpact": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Low", + "Moderate", + "High" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The user impact of the assessment." + } + }, + "required": [ + "assessmentType", + "displayName", + "severity" + ], + "description": "Describes properties of an assessment metadata." + }, + "SecurityAssessmentMetadataPropertiesResponse": { + "type": "object", + "properties": { + "assessmentType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "BuiltIn", + "CustomPolicy", + "CustomerManaged", + "VerifiedPartner" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition." + }, + "categories": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "Compute", + "Networking", + "Data", + "IdentityAndAccess", + "IoT" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "description": { + "type": "string", + "description": "Human readable description of the assessment" + }, + "displayName": { + "type": "string", + "description": "User friendly display name of the assessment" + }, + "implementationEffort": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Low", + "Moderate", + "High" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The implementation effort required to remediate this assessment." + }, + "partnerData": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityAssessmentMetadataPartnerData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes the partner that created the assessment" + }, + "plannedDeprecationDate": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9]{2}/[0-9]{4}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "preview": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "True if this assessment is in preview release status" + }, + "publishDates": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityAssessmentMetadataPropertiesResponsePublishDates" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "remediationDescription": { + "type": "string", + "description": "Human readable description of what you should do to mitigate this security issue" + }, + "severity": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Low", + "Medium", + "High" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The severity level of the assessment." + }, + "tactics": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "Reconnaissance", + "Resource Development", + "Initial Access", + "Execution", + "Persistence", + "Privilege Escalation", + "Defense Evasion", + "Credential Access", + "Discovery", + "Lateral Movement", + "Collection", + "Command and Control", + "Exfiltration", + "Impact" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "techniques": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "Abuse Elevation Control Mechanism", + "Access Token Manipulation", + "Account Discovery", + "Account Manipulation", + "Active Scanning", + "Application Layer Protocol", + "Audio Capture", + "Boot or Logon Autostart Execution", + "Boot or Logon Initialization Scripts", + "Brute Force", + "Cloud Infrastructure Discovery", + "Cloud Service Dashboard", + "Cloud Service Discovery", + "Command and Scripting Interpreter", + "Compromise Client Software Binary", + "Compromise Infrastructure", + "Container and Resource Discovery", + "Create Account", + "Create or Modify System Process", + "Credentials from Password Stores", + "Data Destruction", + "Data Encrypted for Impact", + "Data from Cloud Storage Object", + "Data from Configuration Repository", + "Data from Information Repositories", + "Data from Local System", + "Data Manipulation", + "Data Staged", + "Defacement", + "Deobfuscate/Decode Files or Information", + "Disk Wipe", + "Domain Trust Discovery", + "Drive-by Compromise", + "Dynamic Resolution", + "Endpoint Denial of Service", + "Event Triggered Execution", + "Exfiltration Over Alternative Protocol", + "Exploit Public-Facing Application", + "Exploitation for Client Execution", + "Exploitation for Credential Access", + "Exploitation for Defense Evasion", + "Exploitation for Privilege Escalation", + "Exploitation of Remote Services", + "External Remote Services", + "Fallback Channels", + "File and Directory Discovery", + "Gather Victim Network Information", + "Hide Artifacts", + "Hijack Execution Flow", + "Impair Defenses", + "Implant Container Image", + "Indicator Removal on Host", + "Indirect Command Execution", + "Ingress Tool Transfer", + "Input Capture", + "Inter-Process Communication", + "Lateral Tool Transfer", + "Man-in-the-Middle", + "Masquerading", + "Modify Authentication Process", + "Modify Registry", + "Network Denial of Service", + "Network Service Scanning", + "Network Sniffing", + "Non-Application Layer Protocol", + "Non-Standard Port", + "Obfuscated Files or Information", + "Obtain Capabilities", + "Obuscated Files or Information", + "Office Application Startup", + "OS Credential Dumping", + "Permission Groups Discovery", + "Phishing", + "Pre-OS Boot", + "Process Discovery", + "Process Injection", + "Protocol Tunneling", + "Proxy", + "Query Registry", + "Remote Access Software", + "Remote Service Session Hijacking", + "Remote Services", + "Remote System Discovery", + "Resource Hijacking", + "Scheduled Task/Job", + "Screen Capture", + "Search Victim-Owned Websites", + "Server Software Component", + "Service Stop", + "Signed Binary Proxy Execution", + "Software Deployment Tools", + "SQL Stored Procedures", + "Steal or Forge Kerberos Tickets", + "Subvert Trust Controls", + "Supply Chain Compromise", + "System Information Discovery", + "Taint Shared Content", + "Traffic Signaling", + "Transfer Data to Cloud Account", + "Trusted Relationship", + "Unsecured Credentials", + "User Execution", + "Valid Accounts", + "Windows Management Instrumentation", + "File and Directory Permissions Modification" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "threats": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "accountBreach", + "dataExfiltration", + "dataSpillage", + "maliciousInsider", + "elevationOfPrivilege", + "threatResistance", + "missingCoverage", + "denialOfService" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "userImpact": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Low", + "Moderate", + "High" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The user impact of the assessment." + } + }, + "required": [ + "assessmentType", + "displayName", + "severity" + ], + "description": "Describes properties of an assessment metadata response." + }, + "SecurityAssessmentMetadataPropertiesResponsePublishDates": { + "type": "object", + "properties": { + "GA": { + "oneOf": [ + { + "type": "string", + "pattern": "^([0-9]{2}/){2}[0-9]{4}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "public": { + "oneOf": [ + { + "type": "string", + "pattern": "^([0-9]{2}/){2}[0-9]{4}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + }, + "required": [ + "public" + ] + }, + "SecurityAssessmentPartnerData": { + "type": "object", + "properties": { + "partnerName": { + "type": "string", + "description": "Name of the company of the partner" + }, + "secret": { + "type": "string", + "description": "secret to authenticate the partner - write only" + } + }, + "required": [ + "partnerName", + "secret" + ], + "description": "Data regarding 3rd party partner integration" + }, + "SecurityAssessmentProperties": { + "type": "object", + "properties": { + "additionalData": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Additional data regarding the assessment" + }, + "links": { + "oneOf": [ + { + "$ref": "#/definitions/AssessmentLinks" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Links relevant to the assessment" + }, + "metadata": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityAssessmentMetadataProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Describes properties of an assessment metadata." + }, + "partnersData": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityAssessmentPartnerData" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Data regarding 3rd party partner integration" + }, + "resourceDetails": { + "oneOf": [ + { + "$ref": "#/definitions/ResourceDetails" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Details of the resource that was assessed" + }, + "status": { + "oneOf": [ + { + "$ref": "#/definitions/AssessmentStatus" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The result of the assessment" + } + }, + "required": [ + "resourceDetails", + "status" + ], + "description": "Describes properties of an assessment." } } } \ No newline at end of file diff --git a/schemas/common/autogeneratedResources.json b/schemas/common/autogeneratedResources.json index a4405f6679..726996f12e 100644 --- a/schemas/common/autogeneratedResources.json +++ b/schemas/common/autogeneratedResources.json @@ -8602,6 +8602,9 @@ { "$ref": "https://schema.management.azure.com/schemas/2020-01-01/Microsoft.Security.json#/unknown_resourceDefinitions/assessments" }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-06-01/Microsoft.Security.json#/unknown_resourceDefinitions/assessments" + }, { "$ref": "https://schema.management.azure.com/schemas/2015-08-01/Microsoft.ServiceBus.json#/resourceDefinitions/namespaces" },