diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlerts/GetIoTAlert.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlerts/GetIoTAlert.json
index cc79de173fdf..8412d3e4f6fd 100644
--- a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlerts/GetIoTAlert.json
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlerts/GetIoTAlert.json
@@ -7,6 +7,9 @@
 "responses": {
 "200": {
 "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Devices/iotHubs/myIotHub/providers/Microsoft.Security/iotAlerts/903e76ff-17eb-4bac-ac8a-2bc31ab68fd8",
+ "name": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8",
+ "type": "Microsoft.Security/iotAlerts",
 "properties": {
 "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8",
 "compromisedEntity": "device-1",
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlerts/GetIoTAlertList.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlerts/GetIoTAlertList.json
index fb551a2c7ef1..550b347860c5 100644
--- a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlerts/GetIoTAlertList.json
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/examples/IotAlerts/GetIoTAlertList.json
@@ -13,6 +13,9 @@
 "body": {
 "value": [
 {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Devices/iotHubs/myIotHub/providers/Microsoft.Security/iotAlerts/903e76ff-17eb-4bac-ac8a-2bc31ab68fd8",
+ "name": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8",
+ "type": "Microsoft.Security/iotAlerts",
 "properties": {
 "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8",
 "compromisedEntity": "device-1",
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/iotAlerts.json
index 3c6af28c9e93..bdf74b5bb257 100644
--- a/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/iotAlerts.json
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-08-06-preview/iotAlerts.json
@@ -206,7 +206,12 @@
 "description": "Alert properties",
 "$ref": "#/definitions/IotAlertPropertiesModel"
 }
- }
+ },
+ "allOf": [
+ {
+ "$ref": "../../../common/v1/types.json#/definitions/Resource"
+ }
+ ]
 },
 "IotAlertPropertiesModel": {
 "type": "object",
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/deviceSecurityGroups.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/deviceSecurityGroups.json
index 61bfab4a4553..bec45112fb42 100644
--- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/deviceSecurityGroups.json
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/deviceSecurityGroups.json
@@ -364,6 +364,16 @@
 ],
 "properties": {}
 },
+ "ConnectionFromIpNotAllowed": {
+ "type": "object",
+ "description": "Inbound connection from an ip that isn't allowed. Allow list consists of ipv4 or ipv6 range in CIDR notation.",
+ "allOf": [
+ {
+ "$ref": "#/definitions/AllowlistCustomAlertRule"
+ }
+ ],
+ "properties": {}
+ },
 "LocalUserNotAllowed": {
 "type": "object",
 "description": "Login by a local user that isn't allowed. Allow list consists of login names to allow.",
@@ -416,10 +426,12 @@
 "properties": {
 "minThreshold": {
 "type": "integer",
+ "format": "int32",
 "description": "The minimum threshold."
 },
 "maxThreshold": {
 "type": "integer",
+ "format": "int32",
 "description": "The maximum threshold."
 }
 },
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/DeviceSecurityGroups/PutDeviceSecurityGroups_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/DeviceSecurityGroups/PutDeviceSecurityGroups_example.json
index 357a11a33ef3..eb0465c5b72d 100644
--- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/DeviceSecurityGroups/PutDeviceSecurityGroups_example.json
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/DeviceSecurityGroups/PutDeviceSecurityGroups_example.json
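Review bot: The description added for `ConnectionFromIpNotAllowed` in deviceSecurityGroups.json says the allow list holds CIDR ranges but not what an empty list means or whether entries are validated, and both matter to whoever tunes this alert: a range as wide as `0.0.0.0/0` would match every IPv4 source, so the rule could never fire. I would tidy the wording to `"description": "Inbound connection from an IP that isn't allowed. Allow list consists of IPv4 or IPv6 ranges in CIDR notation."` and append one sentence stating the empty-list behaviour. `AllowlistCustomAlertRule`, where `allowlistValues` is presumably declared, lies outside this hunk, so any format constraint on the entries could not be checked from here.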
@@ -1,35 +1,17 @@
 {
 "parameters": {
- "api-version": "2017-08-01-preview",
- "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
- "resourceGroupName": "MyGroup",
- "solutionName": "default",
- "iotSecuritySolutionData": {
- "tags": {},
- "location": "East Us",
+ "api-version": "2019-08-01",
+ "resourceId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub",
+ "deviceSecurityGroupName": "samplesecuritygroup",
+ "deviceSecurityGroup": {
 "properties": {
- "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1",
- "status": "Enabled",
- "export": [],
- "disabledDataSources": [],
- "displayName": "Solution Default",
- "iotHubs": [
- "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
- ],
- "userDefinedResources": {
- "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
- "querySubscriptions": [
- "075423e9-7d33-4166-8bdf-3920b04e3735"
- ]
- },
- "recommendationsConfiguration": [
+ "timeWindowRules": [
 {
- "recommendationType": "IoT_OpenPorts",
- "status": "Disabled"
- },
- {
- "recommendationType": "IoT_SharedCredentials",
- "status": "Disabled"
+ "ruleType": "ActiveConnectionsNotInAllowedRange",
+ "isEnabled": true,
+ "minThreshold": 0,
+ "maxThreshold": 30,
+ "timeWindowSize": "PT05M"
 }
 ]
 }
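Review bot: `"timeWindowSize": "PT05M"` in the request body of PutDeviceSecurityGroups_example.json is a zero-padded duration, while every other rule in this example uses the unpadded `PT15M` form. If the service parses and re-serialises the duration, the response would more likely come back as `PT5M`, yet the 200 and 201 bodies in the next hunk echo `PT05M` verbatim. I would write `"timeWindowSize": "PT5M"` in all three places unless the padded form is what the API really emits. The definition of `timeWindowSize` is not visible in this part of the diff, so the accepted formats should be confirmed against it.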
@@ -38,223 +20,361 @@ "responses": { "200": { "body": { - "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/Locations/eastus/IoTSecuritySolutions/default", - "name": "default", - "type": "Microsoft.Security/IoTSecuritySolutions", - "location": "East Us", - "tags": {}, + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub/providers/Microsoft.Security/deviceSecurityGroups/samplesecuritygroup", + "name": "samplesecuritygroup", + "type": "Microsoft.Security/deviceSecurityGroups", "properties": { - "workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", - "status": "Enabled", - "export": [], - "disabledDataSources": [], - "displayName": "Solution Default", - "iotHubs": [ - "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" - ], - "userDefinedResources": { - "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", - "querySubscriptions": [ - "075423e9-7d33-4166-8bdf-3920b04e3735" - ] - }, - "autoDiscoveredResources": [ - "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", - "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" - ], - "recommendationsConfiguration": [ + "thresholdRules": [], + "timeWindowRules": [ + { + "ruleType": "ActiveConnectionsNotInAllowedRange", + "displayName": "Number of active connections is not in allowed range", + "description": "Get an alert when the number of active connections of a device in the time window is not in the allowed range", + "isEnabled": true, + "minThreshold": 0, + "maxThreshold": 30, + "timeWindowSize": "PT05M" + }, + { + "ruleType": "AmqpC2DMessagesNotInAllowedRange", + "displayName": "Number of cloud to device messages 
(AMQP protocol) is not in allowed range", + "description": "Get an alert when the number of cloud to device messages (AMQP protocol) in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" + }, { - "recommendationType": "IoT_ACRAuthentication", - "name": "Service Principal Not Used with ACR", - "status": "Enabled" + "ruleType": "MqttC2DMessagesNotInAllowedRange", + "displayName": "Number of cloud to device messages (MQTT protocol) is not in allowed range", + "description": "Get an alert when the number of cloud to device messages (MQTT protocol) in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_AgentSendsUnutilizedMessages", - "name": "Agent sending underutilized messages", - "status": "TurnedOn" + "ruleType": "HttpC2DMessagesNotInAllowedRange", + "displayName": "Number of cloud to device messages (HTTP protocol) is not in allowed range", + "description": "Get an alert when the number of cloud to device messages (HTTP protocol) in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_Baseline", - "name": "Operating system (OS) baseline validation failure", - "status": "Enabled" + "ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange", + "displayName": "Number of rejected cloud to device messages (AMQP protocol) is not in allowed range", + "description": "Get an alert when the number of cloud to device messages (AMQP protocol) that were rejected by the device in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_EdgeHubMemOptimize", - "name": "Edge Hub memory can be optimized", - "status": "Enabled" + "ruleType": 
"MqttC2DRejectedMessagesNotInAllowedRange", + "displayName": "Number of rejected cloud to device messages (MQTT protocol) is not in allowed range", + "description": "Get an alert when the number of cloud to device messages (MQTT protocol) that were rejected by the device in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_EdgeLoggingOptions", - "name": "No Logging Configured for Edge Module", - "status": "Enabled" + "ruleType": "HttpC2DRejectedMessagesNotInAllowedRange", + "displayName": "Number of rejected cloud to device messages (HTTP protocol) is not in allowed range", + "description": "Get an alert when the number of cloud to device messages (HTTP protocol) that were rejected by the device in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_InconsistentModuleSettings", - "name": "Module Settings Inconsistent in SecurityGroup", - "status": "Enabled" + "ruleType": "AmqpD2CMessagesNotInAllowedRange", + "displayName": "Number of device to cloud messages (AMQP protocol) is not in allowed range", + "description": "Get an alert when the number of device to cloud messages (AMQP protocol) in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_InstallAgent", - "name": "Install the Azure Security of Things Agent", - "status": "Enabled" + "ruleType": "MqttD2CMessagesNotInAllowedRange", + "displayName": "Number of device to cloud messages (MQTT protocol) is not in allowed range", + "description": "Get an alert when the number of device to cloud messages (MQTT protocol) in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - 
"recommendationType": "IoT_IPFilter_DenyAll", - "name": "Default IP Filter Policy should be Deny", - "status": "Enabled" + "ruleType": "HttpD2CMessagesNotInAllowedRange", + "displayName": "Number of device to cloud messages (HTTP protocol) is not in allowed range", + "description": "Get an alert when the number of device to cloud messages (HTTP protocol) in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_IPFilter_PermissiveRule", - "name": "IP Filter rule includes large IP range", - "status": "Enabled" + "ruleType": "DirectMethodInvokesNotInAllowedRange", + "displayName": "Number of direct method invokes is not in allowed range", + "description": "Get an alert when the number of direct method invokes in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_OpenPorts", - "name": "Open Ports On Device", - "status": "Disabled" + "ruleType": "FailedLocalLoginsNotInAllowedRange", + "displayName": "Number of failed local logins is not in allowed range", + "description": "Get an alert when the number of failed local logins on the device in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_PermissiveFirewallPolicy", - "name": "Permissive firewall policy in one of the chains was found", - "status": "Enabled" + "ruleType": "FileUploadsNotInAllowedRange", + "displayName": "Number of file uploads is not in allowed range", + "description": "Get an alert when the number of file uploads from the device to the cloud in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_PermissiveInputFirewallRules", - 
"name": "Permissive firewall rule in the input chain was found", - "status": "Enabled" + "ruleType": "QueuePurgesNotInAllowedRange", + "displayName": "Number of device queue purges is not in allowed range", + "description": "Get an alert when the number of device queue purges in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_PermissiveOutputFirewallRules", - "name": "Permissive firewall rule in the output chain was found", - "status": "Enabled" + "ruleType": "TwinUpdatesNotInAllowedRange", + "displayName": "Number of twin updates is not in allowed range", + "description": "Get an alert when the number of twin updates (by the device or the service) in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_PrivilegedDockerOptions", - "name": "High level permissions configured in Edge model twin for Edge module", - "status": "Enabled" + "ruleType": "UnauthorizedOperationsNotInAllowedRange", + "displayName": "Number of unauthorized operations is not in allowed range", + "description": "Get an alert when the number unauthorized operations in the time window is not in the allowed range. 
Unauthorized operations are operations that affect the device (or done by it) that fail because of an unauthorized error", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" + } + ], + "allowlistRules": [ + { + "ruleType": "ConnectionToIpNotAllowed", + "displayName": "Outbound connection to an ip that isn't allowed", + "description": "Get an alert when an outbound connection is created between your device and an ip that isn't allowed", + "isEnabled": false, + "allowlistValues": [] }, { - "recommendationType": "IoT_SharedCredentials", - "name": "Same Authentication Credentials used by multiple devices", - "status": "Disabled" + "ruleType": "LocalUserNotAllowed", + "displayName": "Login by a local user that isn't allowed", + "description": "Get an alert when a local user that isn't allowed logins to the device", + "isEnabled": false, + "allowlistValues": [] }, { - "recommendationType": "IoT_VulnerableTLSCipherSuite", - "name": "TLS cipher suite upgrade", - "status": "Enabled" + "ruleType": "ProcessNotAllowed", + "displayName": "Execution of a process that isn't allowed", + "description": "Get an alert when a process that isn't allowed is executed", + "isEnabled": false, + "allowlistValues": [] } - ] + ], + "denylistRules": [] } } }, "201": { "body": { - "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/Locations/eastus/IoTSecuritySolutions/default", - "name": "default", - "type": "Microsoft.Security/IoTSecuritySolutions", - "location": "East Us", - "tags": {}, + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SampleRG/providers/Microsoft.Devices/iotHubs/sampleiothub/providers/Microsoft.Security/deviceSecurityGroups/samplesecuritygroup", + "name": "samplesecuritygroup", + "type": "Microsoft.Security/deviceSecurityGroups", "properties": { - "workspace": 
"/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1", - "status": "Enabled", - "export": [], - "disabledDataSources": [], - "displayName": "Solution Default", - "iotHubs": [ - "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" - ], - "userDefinedResources": { - "query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"", - "querySubscriptions": [ - "075423e9-7d33-4166-8bdf-3920b04e3735" - ] - }, - "autoDiscoveredResources": [ - "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735", - "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub" - ], - "recommendationsConfiguration": [ + "thresholdRules": [], + "timeWindowRules": [ + { + "ruleType": "ActiveConnectionsNotInAllowedRange", + "displayName": "Number of active connections is not in allowed range", + "description": "Get an alert when the number of active connections of a device in the time window is not in the allowed range", + "isEnabled": true, + "minThreshold": 0, + "maxThreshold": 30, + "timeWindowSize": "PT05M" + }, { - "recommendationType": "IoT_ACRAuthentication", - "name": "Service Principal Not Used with ACR", - "status": "Enabled" + "ruleType": "AmqpC2DMessagesNotInAllowedRange", + "displayName": "Number of cloud to device messages (AMQP protocol) is not in allowed range", + "description": "Get an alert when the number of cloud to device messages (AMQP protocol) in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_AgentSendsUnutilizedMessages", - "name": "Agent sending underutilized messages", - "status": "TurnedOn" + "ruleType": "MqttC2DMessagesNotInAllowedRange", + "displayName": "Number of cloud to device messages (MQTT protocol) is not 
in allowed range", + "description": "Get an alert when the number of cloud to device messages (MQTT protocol) in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_Baseline", - "name": "Operating system (OS) baseline validation failure", - "status": "Enabled" + "ruleType": "HttpC2DMessagesNotInAllowedRange", + "displayName": "Number of cloud to device messages (HTTP protocol) is not in allowed range", + "description": "Get an alert when the number of cloud to device messages (HTTP protocol) in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_EdgeHubMemOptimize", - "name": "Edge Hub memory can be optimized", - "status": "Enabled" + "ruleType": "AmqpC2DRejectedMessagesNotInAllowedRange", + "displayName": "Number of rejected cloud to device messages (AMQP protocol) is not in allowed range", + "description": "Get an alert when the number of cloud to device messages (AMQP protocol) that were rejected by the device in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_EdgeLoggingOptions", - "name": "No Logging Configured for Edge Module", - "status": "Enabled" + "ruleType": "MqttC2DRejectedMessagesNotInAllowedRange", + "displayName": "Number of rejected cloud to device messages (MQTT protocol) is not in allowed range", + "description": "Get an alert when the number of cloud to device messages (MQTT protocol) that were rejected by the device in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_InconsistentModuleSettings", - "name": "Module Settings Inconsistent in SecurityGroup", - "status": 
"Enabled" + "ruleType": "HttpC2DRejectedMessagesNotInAllowedRange", + "displayName": "Number of rejected cloud to device messages (HTTP protocol) is not in allowed range", + "description": "Get an alert when the number of cloud to device messages (HTTP protocol) that were rejected by the device in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_InstallAgent", - "name": "Install the Azure Security of Things Agent", - "status": "Enabled" + "ruleType": "AmqpD2CMessagesNotInAllowedRange", + "displayName": "Number of device to cloud messages (AMQP protocol) is not in allowed range", + "description": "Get an alert when the number of device to cloud messages (AMQP protocol) in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_IPFilter_DenyAll", - "name": "Default IP Filter Policy should be Deny", - "status": "Enabled" + "ruleType": "MqttD2CMessagesNotInAllowedRange", + "displayName": "Number of device to cloud messages (MQTT protocol) is not in allowed range", + "description": "Get an alert when the number of device to cloud messages (MQTT protocol) in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_IPFilter_PermissiveRule", - "name": "IP Filter rule includes large IP range", - "status": "Enabled" + "ruleType": "HttpD2CMessagesNotInAllowedRange", + "displayName": "Number of device to cloud messages (HTTP protocol) is not in allowed range", + "description": "Get an alert when the number of device to cloud messages (HTTP protocol) in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": 
"IoT_OpenPorts", - "name": "Open Ports On Device", - "status": "Disabled" + "ruleType": "DirectMethodInvokesNotInAllowedRange", + "displayName": "Number of direct method invokes is not in allowed range", + "description": "Get an alert when the number of direct method invokes in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_PermissiveFirewallPolicy", - "name": "Permissive firewall policy in one of the chains was found", - "status": "Enabled" + "ruleType": "FailedLocalLoginsNotInAllowedRange", + "displayName": "Number of failed local logins is not in allowed range", + "description": "Get an alert when the number of failed local logins on the device in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_PermissiveInputFirewallRules", - "name": "Permissive firewall rule in the input chain was found", - "status": "Enabled" + "ruleType": "FileUploadsNotInAllowedRange", + "displayName": "Number of file uploads is not in allowed range", + "description": "Get an alert when the number of file uploads from the device to the cloud in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_PermissiveOutputFirewallRules", - "name": "Permissive firewall rule in the output chain was found", - "status": "Enabled" + "ruleType": "QueuePurgesNotInAllowedRange", + "displayName": "Number of device queue purges is not in allowed range", + "description": "Get an alert when the number of device queue purges in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_PrivilegedDockerOptions", - "name": "High level 
permissions configured in Edge model twin for Edge module", - "status": "Enabled" + "ruleType": "TwinUpdatesNotInAllowedRange", + "displayName": "Number of twin updates is not in allowed range", + "description": "Get an alert when the number of twin updates (by the device or the service) in the time window is not in the allowed range", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" }, { - "recommendationType": "IoT_SharedCredentials", - "name": "Same Authentication Credentials used by multiple devices", - "status": "Disabled" + "ruleType": "UnauthorizedOperationsNotInAllowedRange", + "displayName": "Number of unauthorized operations is not in allowed range", + "description": "Get an alert when the number unauthorized operations in the time window is not in the allowed range. Unauthorized operations are operations that affect the device (or done by it) that fail because of an unauthorized error", + "isEnabled": false, + "minThreshold": 0, + "maxThreshold": 0, + "timeWindowSize": "PT15M" + } + ], + "allowlistRules": [ + { + "ruleType": "ConnectionToIpNotAllowed", + "displayName": "Outbound connection to an ip that isn't allowed", + "description": "Get an alert when an outbound connection is created between your device and an ip that isn't allowed", + "isEnabled": false, + "allowlistValues": [] + }, + { + "ruleType": "LocalUserNotAllowed", + "displayName": "Login by a local user that isn't allowed", + "description": "Get an alert when a local user that isn't allowed logins to the device", + "isEnabled": false, + "allowlistValues": [] }, { - "recommendationType": "IoT_VulnerableTLSCipherSuite", - "name": "TLS cipher suite upgrade", - "status": "Enabled" + "ruleType": "ProcessNotAllowed", + "displayName": "Execution of a process that isn't allowed", + "description": "Get an alert when a process that isn't allowed is executed", + "isEnabled": false, + "allowlistValues": [] } - ] + ], + "denylistRules": [] } } } 
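Review bot: Both response bodies list only `ConnectionToIpNotAllowed`, `LocalUserNotAllowed` and `ProcessNotAllowed` under `allowlistRules`, so the `ConnectionFromIpNotAllowed` rule that the same commit adds to deviceSecurityGroups.json has no example coverage. If the service returns that rule by default, the 200 and 201 bodies should each gain an entry with `"ruleType": "ConnectionFromIpNotAllowed"` shaped like the `ConnectionToIpNotAllowed` one. Two description strings also read oddly, "when the number unauthorized operations" and "isn't allowed logins to the device"; unless they are copied verbatim from the service, `when the number of unauthorized operations` and `logs in to the device` would be clearer.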
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/CreateIoTSecuritySolution.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/CreateIoTSecuritySolution.json
index 5bd00e0eb529..7bdfa835dfbe 100644
--- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/CreateIoTSecuritySolution.json
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/CreateIoTSecuritySolution.json
@@ -146,6 +146,14 @@
 }
 ],
 "unmaskedIpLoggingStatus": "Enabled"
+ },
+ "systemData": {
+ "createdBy": "string",
+ "createdByType": "User",
+ "createdAt": "2020-04-27T21:53:29.0928001Z",
+ "lastModifiedBy": "string",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2020-04-27T21:53:29.0928001Z"
 }
 }
 },
@@ -258,6 +266,14 @@
 }
 ],
 "unmaskedIpLoggingStatus": "Enabled"
+ },
+ "systemData": {
+ "createdBy": "string",
+ "createdByType": "User",
+ "createdAt": "2020-04-27T21:53:29.0928001Z",
+ "lastModifiedBy": "string",
+ "lastModifiedByType": "User",
+ "lastModifiedAt": "2020-04-27T21:53:29.0928001Z"
 }
 }
 }
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolution.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolution.json
index 52cc5b5d3fc1..bce6fe0ef924 100644
--- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolution.json
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolution.json
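Review bot: The `systemData` blocks added to CreateIoTSecuritySolution.json use the schema placeholder as data, `"createdBy": "string"` and `"lastModifiedBy": "string"`, which tells a reader nothing about what the field holds. Since `createdByType` is `User`, a constructed and obviously fake value such as `"createdBy": "user@contoso.com"` would show that these fields carry a principal's identity, which is worth knowing before the responses are logged or exported. The same placeholder appears in both hunks of this file and in the GetIoTSecuritySolution, GetIoTSecuritySolutionsList, GetIoTSecuritySolutionsListByIotHub and GetIoTSecuritySolutionsListByIotHubAndRg examples that follow.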
@@ -115,6 +115,14 @@ } ], "unmaskedIpLoggingStatus": "Enabled" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" } } } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList.json index df5192683388..aa64fd1bed56 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsList.json @@ -115,6 +115,14 @@ } ], "unmaskedIpLoggingStatus": "Enabled" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" } }, { @@ -227,6 +235,14 @@ } ], "unmaskedIpLoggingStatus": "Enabled" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" } } ] diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub.json index 50fee5736079..85673aa813bd 100644 
--- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHub.json @@ -118,6 +118,14 @@ } ], "unmaskedIpLoggingStatus": "Enabled" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" } } ] diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg.json index e1beca8cbbee..9990d3436695 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByIotHubAndRg.json @@ -119,6 +119,14 @@ } ], "unmaskedIpLoggingStatus": "Enabled" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" } } ] diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg.json index 639c177b9840..badd9637160c 100644 
--- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/GetIoTSecuritySolutionsListByRg.json @@ -116,6 +116,14 @@ } ], "unmaskedIpLoggingStatus": "Enabled" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" } } ] diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/UpdateIoTSecuritySolution.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/UpdateIoTSecuritySolution.json index eaf11259d4d9..af913f2b8c64 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/UpdateIoTSecuritySolution.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutions/UpdateIoTSecuritySolution.json @@ -142,6 +142,14 @@ } ], "unmaskedIpLoggingStatus": "Enabled" + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-27T21:53:29.0928001Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-27T21:53:29.0928001Z" } } } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlert.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlert.json index a93e1cf0bc37..b6080c0bbee4 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlert.json 
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlert.json @@ -9,6 +9,9 @@ "responses": { "200": { "body": { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Devices/iotHubs/myIotHub/providers/Microsoft.Security/iotAlerts/903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "name": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "type": "Microsoft.Security/iotAlerts", "properties": { "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", "compromisedEntity": "device-1", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlertList.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlertList.json index 55f00f4e099a..71ad87f6b563 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlertList.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IotAlerts/GetIoTAlertList.json @@ -15,6 +15,9 @@ "body": { "value": [ { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Devices/iotHubs/myIotHub/providers/Microsoft.Security/iotAlerts/903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "name": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", + "type": "Microsoft.Security/iotAlerts", "properties": { "systemAlertId": "903e76ff-17eb-4bac-ac8a-2bc31ab68fd8", "compromisedEntity": "device-1", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json index 13dddab9a5fb..80edda405ee5 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotAlerts.json 
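Review bot: The `id` added to the 200 body in GetIoTAlert.json embeds a concrete-looking subscription GUID (`20ff7fc3-e762-44dd-bd96-b71116dcdc23`), and the GetIoTAlertList.json hunk adds the same value. If that GUID could belong to a real subscription, replace it in both examples with an obvious placeholder such as `00000000-0000-0000-0000-000000000000`, because example payloads typically get copied into generated samples and documentation. The `name` and `systemAlertId` values match the last path segment of `id`; keep that agreement when swapping in a placeholder.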
@@ -209,7 +209,12 @@ "description": "Alert properties", "$ref": "#/definitions/IotAlertProperties" } - } + }, + "allOf": [ + { + "$ref": "../../../common/v1/types.json#/definitions/Resource" + } + ] }, "IotAlertProperties": { "type": "object", diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json index b583c5a4ec44..f57eaa3a09b0 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json @@ -148,7 +148,8 @@ "in": "query", "description": "Number of results to retrieve.", "required": false, - "type": "integer" + "type": "integer", + "format": "int32" } ], "responses": { @@ -332,7 +333,8 @@ "in": "query", "description": "Number of results to retrieve.", "required": false, - "type": "integer" + "type": "integer", + "format": "int32" } ], "responses": { @@ -362,14 +364,17 @@ "properties": { "high": { "type": "integer", + "format": "int64", "description": "Count of high severity alerts/recommendations." }, "medium": { "type": "integer", + "format": "int64", "description": "Count of medium severity alerts/recommendations." }, "low": { "type": "integer", + "format": "int64", "description": "Count of low severity alerts/recommendations." } } @@ -401,6 +406,7 @@ }, "unhealthyDeviceCount": { "type": "integer", + "format": "int64", "readOnly": true, "description": "Number of unhealthy devices within your IoT Security solution." }, @@ -607,6 +613,7 @@ "count": { "readOnly": true, "type": "integer", + "format": "int64", "description": "Number of alerts occurrences within the aggregated time window." }, "effectedResourceType": { 
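Review bot: The query parameter described as "Number of results to retrieve." (hunk at -148, and again at -332) gains `"format": "int32"` but, as far as the hunk shows, still has no lower or upper bound, so zero, negative and very large values remain valid against the spec. Adding `"minimum": 1` after the format line, plus a `"maximum"` matching whatever page-size cap the service enforces, would let validators and generated clients reject such values early. The parameter object starts above the hunk, so confirm it does not already declare bounds there. Whatever the spec says, the service still has to clamp the value itself.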
@@ -643,6 +650,7 @@ "alertsCount": { "readOnly": true, "type": "integer", + "format": "int64", "description": "Number of alerts raised for this device." }, "lastOccurrence": { @@ -739,11 +747,13 @@ "healthyDevices": { "readOnly": true, "type": "integer", + "format": "int64", "description": "Number of healthy devices within the IoT Security solution." }, "unhealthyDeviceCount": { "readOnly": true, "type": "integer", + "format": "int64", "description": "Number of unhealthy devices within the IoT Security solution." }, "logAnalyticsQuery": { @@ -765,6 +775,7 @@ "alertsCount": { "readOnly": true, "type": "integer", + "format": "int64", "description": "Number of alerts raised for this device." } } @@ -810,6 +821,7 @@ "alertsCount": { "readOnly": true, "type": "integer", + "format": "int64", "description": "Number of alerts raised for this alert type." } } @@ -855,6 +867,7 @@ "devicesCount": { "readOnly": true, "type": "integer", + "format": "int64", "description": "Number of devices with this recommendation." } } diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json index 8ff974f8c864..da3ac55cc853 100644 --- a/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json +++ b/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json @@ -347,6 +347,12 @@ "x-ms-client-flatten": true, "description": "Security Solution data", "$ref": "#/definitions/IoTSecuritySolutionProperties" + }, + "systemData": { + "readOnly": true, + "type": "object", + "description": "Azure Resource Manager metadata containing createdBy and modifiedBy information.", + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/systemData" } }, "allOf": [ 
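Review bot: In the iotSecuritySolutions.json hunk at -347, the new `systemData` property puts `"readOnly": true` and `"type": "object"` next to a `$ref`. Under plain Swagger 2.0 / JSON Reference semantics, siblings of `$ref` are ignored, so whether the read-only marking takes effect depends on the tooling that consumes the spec. Because `systemData` carries the createdBy/lastModifiedBy audit fields, the service should ignore or reject any client-supplied value regardless of how the spec is interpreted. The redundant `"type": "object"` can be dropped, leaving `"readOnly": true`, the description and the `$ref`. The enclosing definition begins above the hunk.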
@@ -478,6 +484,13 @@ } ] } + }, + "additionalWorkspaces": { + "type": "array", + "description": "List of additional workspaces", + "items": { + "$ref": "#/definitions/AdditionalWorkspacesProperties" + } } }, "required": [ @@ -649,6 +662,44 @@ "$ref": "#/definitions/TagsResource" } ] + }, + "AdditionalWorkspacesProperties": { + "type": "object", + "description": "Properties of the additional workspaces.", + "properties": { + "workspace": { + "type": "string", + "description": "Workspace resource id" + }, + "type": { + "type": "string", + "enum": [ + "Sentinel" + ], + "default": "Sentinel", + "description": "Workspace type.", + "x-ms-enum": { + "name": "AdditionalWorkspaceType", + "modelAsString": true + } + }, + "dataTypes": { + "type": "array", + "description": "List of data types sent to workspace", + "items": { + "type": "string", + "enum": [ + "Alerts", + "RawEvents" + ], + "description": "Data types sent to workspace.", + "x-ms-enum": { + "name": "AdditionalWorkspaceDataType", + "modelAsString": true + } + } + } + } } }, "parameters": { diff --git a/specification/security/resource-manager/common/v1/types.json b/specification/security/resource-manager/common/v1/types.json index bfb922e1a2f0..827a00963f37 100644 --- a/specification/security/resource-manager/common/v1/types.json +++ b/specification/security/resource-manager/common/v1/types.json @@ -9,11 +9,11 @@ "CloudError": { "x-ms-external": true, "type": "object", - "description": "Error response structure.", + "description": "Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).", "properties": { "error": { "x-ms-client-flatten": true, - "description": "Error data", + "description": "The error object.", "$ref": "#/definitions/CloudErrorBody" } } 
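Review bot: `AdditionalWorkspacesProperties` (hunk at -649) declares no `required` list, so an `additionalWorkspaces` entry without a `workspace` id, or an empty object, validates against the spec. Since `workspace` names the destination that the listed `dataTypes` (`Alerts`, `RawEvents`) are sent to, it should be mandatory: add `"required": ["workspace"]` to the definition. The `workspace` string is otherwise unconstrained, so its description should say which kind of resource id is accepted. Separately from the spec, the service should check that the caller is authorized on the target workspace before forwarding data to it.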
@@ -21,20 +21,56 @@ "CloudErrorBody": { "x-ms-external": true, "type": "object", - "description": "Error details.", + "description": "The error detail.", "properties": { "code": { "readOnly": true, "type": "string", - "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically." + "description": "The error code." }, "message": { "readOnly": true, "type": "string", - "description": "A message describing the error, intended to be suitable for display in a user interface." + "description": "The error message." + }, + "target": { + "readOnly": true, + "type": "string", + "description": "The error target." + }, + "details": { + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/CloudErrorBody" + }, + "description": "The error details." + }, + "additionalInfo": { + "readOnly": true, + "type": "array", + "items": { + "$ref": "#/definitions/ErrorAdditionalInfo" + }, + "description": "The error additional info." } } }, + "ErrorAdditionalInfo": { + "properties": { + "type": { + "readOnly": true, + "type": "string", + "description": "The additional info type." + }, + "info": { + "readOnly": true, + "type": "object", + "description": "The additional info." + } + }, + "description": "The resource management error additional info." + }, "Resource": { "type": "object", "description": "Describes an Azure resource.",
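Review bot: The new `ErrorAdditionalInfo` definition has no `"type": "object"` and no `"x-ms-external": true`, unlike the `CloudError` and `CloudErrorBody` definitions next to it. Add `"type": "object",` as its first member, and `"x-ms-external": true,` if this type is meant to be treated like its two siblings. Its `info` property is an untyped object and `details` nests `CloudErrorBody` recursively, so clients should treat both as service-controlled free-form data: encode it before display or logging, and bound the recursion depth when walking `details`.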