{
"swagger": "2.0",
"schemes": [
"https"
],
"host": "management.azure.com",
"info": {
"description": "API spec for Microsoft.Security (Azure Security Center) resource provider",
"title": "Security Center",
"version": "2019-01-01-preview",
"x-apisguru-categories": [
"cloud"
],
"x-logo": {
"url": "https://api.apis.guru/v2/cache/logo/https_assets.onestore.ms_cdnfiles_onestorerolling-1606-01000_shell_v3_images_logo_microsoft.png"
},
"x-origin": [
{
"format": "swagger",
"url": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/assessmentMetadata.json",
"version": "2.0"
}
],
"x-preferred": false,
"x-providerName": "azure.com",
"x-serviceName": "security-assessmentMetadata",
"x-tags": [
"Azure",
"Microsoft"
]
},
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"securityDefinitions": {
"azure_auth": {
"authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
"description": "Azure Active Directory OAuth2 Flow",
"flow": "implicit",
"scopes": {
"user_impersonation": "impersonate your user account"
},
"type": "oauth2"
}
},
"security": [
{
"azure_auth": [
"user_impersonation"
]
}
],
"parameters": {
"AssessmentsMetadataName": {
"description": "The Assessment Key - Unique key for the assessment type",
"in": "path",
"name": "assessmentMetadataName",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
"SecurityAssessmentMetadata": {
"description": "AssessmentMetadata object",
"in": "body",
"name": "assessmentMetadata",
"required": true,
"schema": {
"$ref": "#/definitions/SecurityAssessmentMetadata"
},
"x-ms-parameter-location": "method"
}
},
"paths": {
"/providers/Microsoft.Security/assessmentMetadata": {
"get": {
"description": "Get metadata information on all assessment types",
"operationId": "AssessmentsMetadata_List",
"parameters": [
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/SecurityAssessmentMetadataList"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"Assessments Metadata"
],
"x-ms-examples": {
"List security assessment metadata": {
"parameters": {
"api-version": "2019-01-01-preview"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
"name": "21300918-b2e3-0346-785f-c77ff57d243b",
"properties": {
"assessmentType": "BuiltIn",
"category": [
"Compute"
],
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"implementationEffort": "Low",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
"severity": "Medium",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"userImpact": "Low"
},
"type": "Microsoft.Security/assessmentMetadata"
},
{
"id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
"name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
"properties": {
"assessmentType": "CustomPolicy",
"category": [
"Networking"
],
"description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.",
"displayName": "Close management ports on your virtual machines",
"implementationEffort": "Low",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
"preview": true,
"remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.
To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
"severity": "Medium",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"userImpact": "High"
},
"type": "Microsoft.Security/assessmentMetadata"
},
{
"id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7",
"name": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
"properties": {
"assessmentType": "CustomerManaged",
"category": [
"Compute"
],
"description": "Assessment that my organization created to view our security assessment in Azure Security Center",
"displayName": "My organization security assessment",
"implementationEffort": "Low",
"remediationDescription": "Fix it with these remediation instructions",
"severity": "Medium",
"threats": [],
"userImpact": "Low"
},
"type": "Microsoft.Security/assessmentMetadata"
}
]
}
}
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
}
}
},
"/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}": {
"get": {
"description": "Get metadata information on an assessment type",
"operationId": "AssessmentsMetadata_Get",
"parameters": [
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"$ref": "#/parameters/AssessmentsMetadataName"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/SecurityAssessmentMetadata"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"Assessments Metadata"
],
"x-ms-examples": {
"Get security assessment metadata": {
"parameters": {
"api-version": "2019-01-01-preview",
"assessmentMetadataName": "21300918-b2e3-0346-785f-c77ff57d243b"
},
"responses": {
"200": {
"body": {
"id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
"name": "21300918-b2e3-0346-785f-c77ff57d243b",
"properties": {
"assessmentType": "BuiltIn",
"category": [
"Compute"
],
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"implementationEffort": "Low",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
"severity": "Medium",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"userImpact": "Low"
},
"type": "Microsoft.Security/assessmentMetadata"
}
}
}
}
}
}
},
"/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata": {
"get": {
"description": "Get metadata information on all assessment types in a specific subscription",
"operationId": "AssessmentsMetadataSubscription_List",
"parameters": [
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/SecurityAssessmentMetadataList"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"Assessments Metadata"
],
"x-ms-examples": {
"List security assessment metadata for subscription": {
"parameters": {
"api-version": "2019-01-01-preview",
"subscriptionId": "0980887d-03d6-408c-9566-532f3456804e"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
"name": "21300918-b2e3-0346-785f-c77ff57d243b",
"properties": {
"assessmentType": "BuiltIn",
"category": [
"Compute"
],
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"implementationEffort": "Low",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
"severity": "Medium",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"userImpact": "Low"
},
"type": "Microsoft.Security/assessmentMetadata"
},
{
"id": "/providers/Microsoft.Security/assessmentMetadata/bc303248-3d14-44c2-96a0-55f5c326b5fe",
"name": "bc303248-3d14-44c2-96a0-55f5c326b5fe",
"properties": {
"assessmentType": "CustomPolicy",
"category": [
"Networking"
],
"description": "Open remote management ports expose your VM to a high level of risk from internet-based attacks that attempt to brute force credentials to gain admin access to the machine.",
"displayName": "Close management ports on your virtual machines",
"implementationEffort": "Low",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
"preview": true,
"remediationDescription": "We recommend that you edit the inbound rules of the below virtual machines to restrict access to specific source ranges.
To restrict the access to your virtual machines: 1. Click on a VM from the list below 2. At the 'Networking' blade, click on each of the rules that allow management ports (e.g. RDP-3389, WINRM-5985, SSH-22) 3. Change the 'Action' property to 'Deny' 4. Click 'Save'",
"severity": "Medium",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"userImpact": "High"
},
"type": "Microsoft.Security/assessmentMetadata"
}
]
}
}
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
}
}
},
"/subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}": {
"delete": {
"description": "Delete metadata information on an assessment type in a specific subscription, will cause the deletion of all the assessments of that type in that subscription",
"operationId": "AssessmentsMetadataSubscription_Delete",
"parameters": [
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"$ref": "#/parameters/AssessmentsMetadataName"
},
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "OK"
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"Assessments Metadata"
],
"x-ms-examples": {
"Delete a security assessment metadata for subscription": {
"parameters": {
"api-version": "2019-01-01-preview",
"assessmentMetadataName": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
"subscriptionId": "0980887d-03d6-408c-9566-532f3456804e"
},
"responses": {
"200": {}
}
}
}
},
"get": {
"description": "Get metadata information on an assessment type in a specific subscription",
"operationId": "AssessmentsMetadataSubscription_Get",
"parameters": [
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"$ref": "#/parameters/AssessmentsMetadataName"
},
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/SecurityAssessmentMetadata"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"Assessments Metadata"
],
"x-ms-examples": {
"Get security assessment metadata for subscription": {
"parameters": {
"api-version": "2019-01-01-preview",
"assessmentMetadataName": "21300918-b2e3-0346-785f-c77ff57d243b",
"subscriptionId": "0980887d-03d6-408c-9566-532f3456804e"
},
"responses": {
"200": {
"body": {
"id": "/providers/Microsoft.Security/assessmentMetadata/21300918-b2e3-0346-785f-c77ff57d243b",
"name": "21300918-b2e3-0346-785f-c77ff57d243b",
"properties": {
"assessmentType": "BuiltIn",
"category": [
"Compute"
],
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"implementationEffort": "Low",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
"severity": "Medium",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"userImpact": "Low"
},
"type": "Microsoft.Security/assessmentMetadata"
}
}
}
}
}
},
"put": {
"description": "Create metadata information on an assessment type in a specific subscription",
"operationId": "AssessmentsMetadataSubscription_Create",
"parameters": [
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"$ref": "#/parameters/AssessmentsMetadataName"
},
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"$ref": "#/parameters/SecurityAssessmentMetadata"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/SecurityAssessmentMetadata"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"Assessments Metadata"
],
"x-ms-examples": {
"Create security assessment metadata for subscription": {
"parameters": {
"api-version": "2019-01-01-preview",
"assessmentMetadata": {
"properties": {
"assessmentType": "CustomerManaged",
"category": [
"Compute"
],
"description": "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
"displayName": "Install endpoint protection solution on virtual machine scale sets",
"implementationEffort": "Low",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
"remediationDescription": "To install an endpoint protection solution: 1. Follow the instructions in How do I turn on antimalware in my virtual machine scale set",
"severity": "Medium",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"userImpact": "Low"
}
},
"assessmentMetadataName": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
"subscriptionId": "0980887d-03d6-408c-9566-532f3456804e"
},
"responses": {
"200": {
"body": {
"id": "/providers/Microsoft.Security/assessmentMetadata/ca039e75-a276-4175-aebc-bcd41e4b14b7",
"name": "ca039e75-a276-4175-aebc-bcd41e4b14b7",
"properties": {
"assessmentType": "CustomerManaged",
"category": [
"Compute"
],
"description": "Assessment that my organization created to view our security assessment in Azure Security Center",
"displayName": "My organization security assessment",
"implementationEffort": "Low",
"remediationDescription": "Fix it with these remediation instructions",
"severity": "Medium",
"threats": [
"dataExfiltration",
"dataSpillage",
"maliciousInsider"
],
"userImpact": "Low"
},
"type": "Microsoft.Security/assessmentMetadata"
}
}
}
}
}
}
}
},
"definitions": {
"SecurityAssessmentMetadata": {
"allOf": [
{
"description": "Describes an Azure resource.",
"properties": {
"id": {
"description": "Resource Id",
"readOnly": true,
"type": "string"
},
"name": {
"description": "Resource name",
"readOnly": true,
"type": "string"
},
"type": {
"description": "Resource type",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-azure-resource": true
}
],
"description": "Security assessment metadata",
"properties": {
"properties": {
"$ref": "#/definitions/SecurityAssessmentMetadataProperties",
"x-ms-client-flatten": true
}
},
"type": "object"
},
"SecurityAssessmentMetadataList": {
"description": "List of security assessment metadata",
"properties": {
"nextLink": {
"description": "The URI to fetch the next page.",
"readOnly": true,
"type": "string"
},
"value": {
"items": {
"$ref": "#/definitions/SecurityAssessmentMetadata"
},
"readOnly": true,
"type": "array"
}
},
"type": "object"
},
"SecurityAssessmentMetadataProperties": {
"description": "Describes properties of an assessment metadata.",
"properties": {
"assessmentType": {
"description": "BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition",
"enum": [
"BuiltIn",
"CustomPolicy",
"CustomerManaged"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "assessmentType",
"values": [
{
"description": "Azure Security Center managed assessments",
"value": "BuiltIn"
},
{
"description": "User defined policies that are automatically ingested from Azure Policy to Azure Security Center",
"value": "CustomPolicy"
},
{
"description": "User assessments pushed directly by the user or other third party to Azure Security Center",
"value": "CustomerManaged"
}
]
}
},
"category": {
"items": {
"description": "The category of resource that is at risk when the assessment is unhealthy",
"enum": [
"Compute",
"Networking",
"Data",
"IdentityAndAccess",
"IoT"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "category",
"values": [
{
"value": "Compute"
},
{
"value": "Networking"
},
{
"value": "Data"
},
{
"value": "IdentityAndAccess"
},
{
"value": "IoT"
}
]
}
},
"type": "array"
},
"description": {
"description": "Human readable description of the assessment",
"type": "string"
},
"displayName": {
"description": "User friendly display name of the assessment",
"type": "string"
},
"implementationEffort": {
"description": "The implementation effort required to remediate this assessment",
"enum": [
"Low",
"Moderate",
"High"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "implementationEffort",
"values": [
{
"value": "Low"
},
{
"value": "Moderate"
},
{
"value": "High"
}
]
}
},
"policyDefinitionId": {
"description": "Azure resource ID of the policy definition that turns this assessment calculation on",
"readOnly": true,
"type": "string"
},
"preview": {
"description": "True if this assessment is in preview release status",
"type": "boolean"
},
"remediationDescription": {
"description": "Human readable description of what you should do to mitigate this security issue",
"type": "string"
},
"severity": {
"description": "The severity level of the assessment",
"enum": [
"Low",
"Medium",
"High"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "severity",
"values": [
{
"value": "Low"
},
{
"value": "Medium"
},
{
"value": "High"
}
]
}
},
"threats": {
"items": {
"description": "Threats impact of the assessment",
"enum": [
"accountBreach",
"dataExfiltration",
"dataSpillage",
"maliciousInsider",
"elevationOfPrivilege",
"threatResistance",
"missingCoverage",
"denialOfService"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "threats",
"values": [
{
"value": "accountBreach"
},
{
"value": "dataExfiltration"
},
{
"value": "dataSpillage"
},
{
"value": "maliciousInsider"
},
{
"value": "elevationOfPrivilege"
},
{
"value": "threatResistance"
},
{
"value": "missingCoverage"
},
{
"value": "denialOfService"
}
]
}
},
"type": "array"
},
"userImpact": {
"description": "The user impact of the assessment",
"enum": [
"Low",
"Moderate",
"High"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "userImpact",
"values": [
{
"value": "Low"
},
{
"value": "Moderate"
},
{
"value": "High"
}
]
}
}
},
"required": [
"displayName",
"severity",
"assessmentType"
],
"type": "object"
}
}
}