azure.mgmt.security.models module

class azure.mgmt.security.models.AadConnectivityState(value)

Bases: str, enum.Enum

An enumeration.

connected = 'Connected'

discovered = 'Discovered'

not_licensed = 'NotLicensed'

class azure.mgmt.security.models.AadConnectivityState1(*, connectivity_state=None, **kwargs)

Bases: msrest.serialization.Model

Describes an Azure resource with kind.

Parameters

connectivity_state (str or AadConnectivityState) – The connectivity state of the external AAD solution . Possible values include: ‘Discovered’, ‘NotLicensed’, ‘Connected’

class azure.mgmt.security.models.AadExternalSecuritySolution(*, properties=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.ExternalSecuritySolution

Represents an AAD identity protection solution which sends logs to an OMS workspace.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• location (str) – Location where the resource is stored

Parameters

• kind (str) – Required. Constant filled by server.

• properties (AadSolutionProperties) –

class azure.mgmt.security.models.AadSolutionProperties(*, device_vendor: str = None, device_type: str = None, workspace=None, connectivity_state=None, **kwargs)

Bases: msrest.serialization.Model

The external security solution properties for AAD solutions.

Parameters

• device_vendor (str) –

• device_type (str) –

• workspace (ConnectedWorkspace) –

• connectivity_state (str or AadConnectivityState) – The connectivity state of the external AAD solution . Possible values include: ‘Discovered’, ‘NotLicensed’, ‘Connected’

class azure.mgmt.security.models.ActiveConnectionsNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of active connections is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.AdaptiveNetworkHardening(*, rules=None, rules_calculation_time=None, effective_network_security_groups=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

The resource whose properties describes the Adaptive Network Hardening settings for some Azure resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

Parameters

• rules (list[Rule]) – The security rules which are recommended to be effective on the VM

• rules_calculation_time (datetime) – The UTC time on which the rules were calculated

• effective_network_security_groups (list[EffectiveNetworkSecurityGroups]) – The Network Security Groups effective on the network interfaces of the protected resource

class azure.mgmt.security.models.AdaptiveNetworkHardeningEnforceRequest(*, rules, network_security_groups, **kwargs)

Bases: msrest.serialization.Model

AdaptiveNetworkHardeningEnforceRequest.

All required parameters must be populated in order to send to Azure.

Parameters

• rules (list[Rule]) – Required. The rules to enforce

• network_security_groups (list[str]) – Required. The Azure resource IDs of the effective network security groups that will be updated with the created security rules from the Adaptive Network Hardening rules

class azure.mgmt.security.models.AdaptiveNetworkHardeningPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of AdaptiveNetworkHardening object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.AdditionalData(**kwargs)

Bases: msrest.serialization.Model

Details of the sub-assessment.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: SqlServerVulnerabilityProperties, ContainerRegistryVulnerabilityProperties, ServerVulnerabilityProperties

All required parameters must be populated in order to send to Azure.

Parameters

assessed_resource_type (str) – Required. Constant filled by server.

class azure.mgmt.security.models.AdvancedThreatProtectionSetting(*, is_enabled: bool = None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

The Advanced Threat Protection resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

Parameters

is_enabled (bool) – Indicates whether Advanced Threat Protection is enabled.

class azure.mgmt.security.models.Alert(*, extended_properties=None, entities=None, confidence_reasons=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Security alert.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• state (str) – State of the alert (Active, Dismissed etc.)

• reported_time_utc (datetime) – The time the incident was reported to Microsoft.Security in UTC

• vendor_name (str) – Name of the vendor that discovered the incident

• alert_name (str) – Name of the alert type

• alert_display_name (str) – Display name of the alert type

• detected_time_utc (datetime) – The time the incident was detected by the vendor

• description (str) – Description of the incident and what it means

• remediation_steps (str) – Recommended steps to reradiate the incident

• action_taken (str) – The action that was taken as a response to the alert (Active, Blocked etc.)

• reported_severity (str or ReportedSeverity) – Estimated severity of this alert. Possible values include: ‘Informational’, ‘Low’, ‘Medium’, ‘High’

• compromised_entity (str) – The entity that the incident happened on

• associated_resource (str) – Azure resource ID of the associated resource

• system_source (str) – The type of the alerted resource (Azure, Non-Azure)

• can_be_investigated (bool) – Whether this alert can be investigated with Azure Security Center

• is_incident (bool) – Whether this alert is for incident type or not (otherwise - single alert)

• confidence_score (float) – level of confidence we have on the alert

• subscription_id (str) – Azure subscription ID of the resource that had the security alert or the subscription ID of the workspace that this resource reports to

• instance_id (str) – Instance ID of the alert.

• workspace_arm_id (str) – Azure resource ID of the workspace that the alert was reported to.

• correlation_key (str) – Alerts with the same CorrelationKey will be grouped together in Ibiza.

Parameters

• extended_properties (dict[str, object]) –

• entities (list[AlertEntity]) – objects that are related to this alerts

• confidence_reasons (list[AlertConfidenceReason]) – reasons the alert got the confidenceScore value

class azure.mgmt.security.models.AlertConfidenceReason(**kwargs)

Bases: msrest.serialization.Model

Factors that increase our confidence that the alert is a true positive.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• type (str) – Type of confidence factor

• reason (str) – description of the confidence reason

class azure.mgmt.security.models.AlertEntity(*, additional_properties=None, **kwargs)

Bases: msrest.serialization.Model

Changing set of properties depending on the entity type.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters

additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection

Variables

type (str) – Type of entity

class azure.mgmt.security.models.AlertNotifications(value)

Bases: str, enum.Enum

An enumeration.

off = 'Off'

Don’t get notifications on new alerts

on = 'On'

Get notifications on new alerts

class azure.mgmt.security.models.AlertPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of Alert object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.AlertsSuppressionRule(*, alert_type: str, reason: str, state, expiration_date_utc=None, comment: str = None, suppression_alerts_scope=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Describes the suppression rule.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• last_modified_utc (datetime) – The last time this rule was modified

Parameters

• alert_type (str) – Required. Type of the alert to automatically suppress. For all alert types, use ‘*’

• expiration_date_utc (datetime) – Expiration date of the rule, if value is not provided or provided as null this field will default to the maximum allowed expiration date.

• reason (str) – Required. The reason for dismissing the alert

• state (str or RuleState) – Required. Possible states of the rule. Possible values include: ‘Enabled’, ‘Disabled’, ‘Expired’

• comment (str) – Any comment regarding the rule

• suppression_alerts_scope (SuppressionAlertsScope) – The suppression conditions

class azure.mgmt.security.models.AlertsSuppressionRulePaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of AlertsSuppressionRule object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.AlertsToAdmins(value)

Bases: str, enum.Enum

An enumeration.

off = 'Off'

Don’t send notification on new alerts to the subscription’s admins

on = 'On'

Send notification on new alerts to the subscription’s admins

class azure.mgmt.security.models.AllowedConnectionsResource(**kwargs)

Bases: msrest.serialization.Model

The resource whose properties describes the allowed traffic between Azure resources.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• location (str) – Location where the resource is stored

• calculated_date_time (datetime) – The UTC time on which the allowed connections resource was calculated

• connectable_resources (list[ConnectableResource]) – List of connectable resources

class azure.mgmt.security.models.AllowedConnectionsResourcePaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of AllowedConnectionsResource object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.AllowlistCustomAlertRule(*, is_enabled: bool, allowlist_values, **kwargs)

Bases: azure.mgmt.security.models._models_py3.ListCustomAlertRule

A custom alert rule that checks if a value (depends on the custom alert type) is allowed.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: ConnectionToIpNotAllowed, LocalUserNotAllowed, ProcessNotAllowed

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

• value_type (str or ValueType) – The value type of the items in the list. Possible values include: ‘IpCidr’, ‘String’

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• allowlist_values (list[str]) – Required. The values to allow. The format of the values depends on the rule type.

class azure.mgmt.security.models.AmqpC2DMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of cloud to device messages (AMQP protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.AmqpC2DRejectedMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of rejected cloud to device messages (AMQP protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.AmqpD2CMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of device to cloud messages (AMQP protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.AppWhitelistingGroup(*, enforcement_mode=None, protection_mode=None, vm_recommendations=None, path_recommendations=None, **kwargs)

Bases: msrest.serialization.Model

AppWhitelistingGroup.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• location (str) – Location where the resource is stored

• configuration_status (str or enum) – Possible values include: ‘Configured’, ‘NotConfigured’, ‘InProgress’, ‘Failed’, ‘NoStatus’

• recommendation_status (str or enum) – Possible values include: ‘Recommended’, ‘NotRecommended’, ‘NotAvailable’, ‘NoStatus’

• issues (list[AppWhitelistingIssueSummary]) –

• source_system (str or enum) – Possible values include: ‘Azure_AppLocker’, ‘Azure_AuditD’, ‘NonAzure_AppLocker’, ‘NonAzure_AuditD’, ‘None’

Parameters

• enforcement_mode (str or enum) – Possible values include: ‘Audit’, ‘Enforce’, ‘None’

• protection_mode (ProtectionMode) –

• vm_recommendations (list[VmRecommendation]) –

• path_recommendations (list[PathRecommendation]) –

class azure.mgmt.security.models.AppWhitelistingGroups(*, value=None, **kwargs)

Bases: msrest.serialization.Model

Represents a list of VM/server groups and set of rules that are Recommended by Azure Security Center to be allowed.

Parameters

value (list[AppWhitelistingGroup]) –

class azure.mgmt.security.models.AppWhitelistingIssueSummary(*, issue=None, number_of_vms: float = None, **kwargs)

Bases: msrest.serialization.Model

Represents a summary of the alerts of the VM/server group.

Parameters

• issue (str or enum) – Possible values include: ‘ViolationsAudited’, ‘ViolationsBlocked’, ‘MsiAndScriptViolationsAudited’, ‘MsiAndScriptViolationsBlocked’, ‘ExecutableViolationsAudited’, ‘RulesViolatedManually’

• number_of_vms (float) – The number of machines in the VM/server group that have this alert

class azure.mgmt.security.models.AscLocation(*, properties=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

The ASC location of the subscription is in the “name” field.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

Parameters

properties (object) –

class azure.mgmt.security.models.AscLocationPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of AscLocation object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.AssessmentLinks(**kwargs)

Bases: msrest.serialization.Model

Links relevant to the assessment.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

azure_portal_uri (str) – Link to assessment in Azure Portal

class azure.mgmt.security.models.AssessmentStatus(*, code, cause: str = None, description: str = None, **kwargs)

Bases: msrest.serialization.Model

The result of the assessment.

All required parameters must be populated in order to send to Azure.

Parameters

• code (str or AssessmentStatusCode) – Required. Programmatic code for the status of the assessment. Possible values include: ‘Healthy’, ‘Unhealthy’, ‘NotApplicable’

• cause (str) – Programmatic code for the cause of the assessment status

• description (str) – Human readable description of the assessment status

class azure.mgmt.security.models.AssessmentStatusCode(value)

Bases: str, enum.Enum

An enumeration.

healthy = 'Healthy'

The resource is healthy

not_applicable = 'NotApplicable'

Assessment for this resource did not happen

unhealthy = 'Unhealthy'

The resource has a security issue that needs to be addressed

class azure.mgmt.security.models.AssessmentType(value)

Bases: str, enum.Enum

An enumeration.

built_in = 'BuiltIn'

Azure Security Center managed assessments

custom_policy = 'CustomPolicy'

User defined policies that are automatically ingested from Azure Policy to Azure Security Center

customer_managed = 'CustomerManaged'

User assessments pushed directly by the user or other third party to Azure Security Center

verified_partner = 'VerifiedPartner'

An assessment that was created by a verified 3rd party if the user connected it to ASC

class azure.mgmt.security.models.AtaExternalSecuritySolution(*, properties=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.ExternalSecuritySolution

Represents an ATA security solution which sends logs to an OMS workspace.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• location (str) – Location where the resource is stored

Parameters

• kind (str) – Required. Constant filled by server.

• properties (AtaSolutionProperties) –

class azure.mgmt.security.models.AtaSolutionProperties(*, additional_properties=None, device_vendor: str = None, device_type: str = None, workspace=None, last_event_received: str = None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.ExternalSecuritySolutionProperties

The external security solution properties for ATA solutions.

Parameters

• additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection

• device_vendor (str) –

• device_type (str) –

• workspace (ConnectedWorkspace) –

• last_event_received (str) –

class azure.mgmt.security.models.AutoProvision(value)

Bases: str, enum.Enum

An enumeration.

off = 'Off'

Do not install security agent on the VMs automatically

on = 'On'

Install missing security agent on VMs automatically

class azure.mgmt.security.models.AutoProvisioningSetting(*, auto_provision, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Auto provisioning setting.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

Parameters

auto_provision (str or AutoProvision) – Required. Describes what kind of security agent provisioning action to take. Possible values include: ‘On’, ‘Off’

class azure.mgmt.security.models.AutoProvisioningSettingPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of AutoProvisioningSetting object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.Automation(*, kind: str = None, etag: str = None, tags=None, description: str = None, is_enabled: bool = None, scopes=None, sources=None, actions=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TrackedResource

The security automation resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• location (str) – Location where the resource is stored

Parameters

• kind (str) – Kind of the resource

• etag (str) – Entity tag is used for comparing two or more entities from the same requested resource.

• tags (dict[str, str]) – A list of key value pairs that describe the resource.

• description (str) – The security automation description.

• is_enabled (bool) – Indicates whether the security automation is enabled.

• scopes (list[AutomationScope]) – A collection of scopes on which the security automations logic is applied. Supported scopes are the subscription itself or a resource group under that subscription. The automation will only apply on defined scopes.

• sources (list[AutomationSource]) – A collection of the source event types which evaluate the security automation set of rules.

• actions (list[AutomationAction]) – A collection of the actions which are triggered if all the configured rules evaluations, within at least one rule set, are true.

class azure.mgmt.security.models.AutomationAction(**kwargs)

Bases: msrest.serialization.Model

The action that should be triggered.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: AutomationActionLogicApp, AutomationActionEventHub, AutomationActionWorkspace

All required parameters must be populated in order to send to Azure.

Parameters

action_type (str) – Required. Constant filled by server.

class azure.mgmt.security.models.AutomationActionEventHub(*, event_hub_resource_id: str = None, connection_string: str = None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.AutomationAction

The target Event Hub to which event data will be exported. To learn more about Security Center continuous export capabilities, visit https://aka.ms/ASCExportLearnMore.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters

• action_type (str) – Required. Constant filled by server.

• event_hub_resource_id (str) – The target Event Hub Azure Resource ID.

• connection_string (str) – The target Event Hub connection string (it will not be included in any response).

Variables

sas_policy_name (str) – The target Event Hub SAS policy name.

class azure.mgmt.security.models.AutomationActionLogicApp(*, logic_app_resource_id: str = None, uri: str = None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.AutomationAction

The logic app action that should be triggered. To learn more about Security Center’s Workflow Automation capabilities, visit https://aka.ms/ASCWorkflowAutomationLearnMore.

All required parameters must be populated in order to send to Azure.

Parameters

• action_type (str) – Required. Constant filled by server.

• logic_app_resource_id (str) – The triggered Logic App Azure Resource ID. This can also reside on other subscriptions, given that you have permissions to trigger the Logic App

• uri (str) – The Logic App trigger URI endpoint (it will not be included in any response).

class azure.mgmt.security.models.AutomationActionWorkspace(*, workspace_resource_id: str = None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.AutomationAction

The Log Analytics Workspace to which event data will be exported. Security alerts data will reside in the ‘SecurityAlert’ table and the assessments data will reside in the ‘SecurityRecommendation’ table (under the ‘Security’/’SecurityCenterFree’ solutions). Note that in order to view the data in the workspace, the Security Center Log Analytics free/standard solution needs to be enabled on that workspace. To learn more about Security Center continuous export capabilities, visit https://aka.ms/ASCExportLearnMore.

All required parameters must be populated in order to send to Azure.

Parameters

• action_type (str) – Required. Constant filled by server.

• workspace_resource_id (str) – The fully qualified Log Analytics Workspace Azure Resource ID.

class azure.mgmt.security.models.AutomationPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of Automation object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.AutomationRuleSet(*, rules=None, **kwargs)

Bases: msrest.serialization.Model

A rule set which evaluates all its rules upon an event interception. Only when all the included rules in the rule set will be evaluated as ‘true’, will the event trigger the defined actions.

Parameters

rules (list[AutomationTriggeringRule]) –

class azure.mgmt.security.models.AutomationScope(*, description: str = None, scope_path: str = None, **kwargs)

Bases: msrest.serialization.Model

A single automation scope.

Parameters

• description (str) – The resources scope description.

• scope_path (str) – The resources scope path. Can be the subscription on which the automation is defined on or a resource group under that subscription (fully qualified Azure resource IDs).

class azure.mgmt.security.models.AutomationSource(*, event_source=None, rule_sets=None, **kwargs)

Bases: msrest.serialization.Model

The source event types which evaluate the security automation set of rules. For example - security alerts and security assessments. To learn more about the supported security events data models schemas - please visit https://aka.ms/ASCAutomationSchemas.

Parameters

• event_source (str or EventSource) – A valid event source type. Possible values include: ‘Assessments’, ‘Alerts’

• rule_sets (list[AutomationRuleSet]) – A set of rules which evaluate upon event interception. A logical disjunction is applied between defined rule sets (logical ‘or’).

class azure.mgmt.security.models.AutomationTriggeringRule(*, property_jpath: str = None, property_type=None, expected_value: str = None, operator=None, **kwargs)

Bases: msrest.serialization.Model

A rule which is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. This comparison is done by using one of the supported operators set.

Parameters

• property_jpath (str) – The JPath of the entity model property that should be checked.

• property_type (str or PropertyType) – The data type of the compared operands (string, integer, floating point number or a boolean [true/false]]. Possible values include: ‘String’, ‘Integer’, ‘Number’, ‘Boolean’

• expected_value (str) – The expected value.

• operator (str or Operator) – A valid comparer operator to use. A case-insensitive comparison will be applied for String PropertyType. Possible values include: ‘Equals’, ‘GreaterThan’, ‘GreaterThanOrEqualTo’, ‘LesserThan’, ‘LesserThanOrEqualTo’, ‘NotEquals’, ‘Contains’, ‘StartsWith’, ‘EndsWith’

class azure.mgmt.security.models.AutomationValidationStatus(*, is_valid: bool = None, message: str = None, **kwargs)

Bases: msrest.serialization.Model

The security automation model state property bag.

Parameters

• is_valid (bool) – Indicates whether the model is valid or not.

• message (str) – The validation message.

class azure.mgmt.security.models.AzureResourceDetails(**kwargs)

Bases: azure.mgmt.security.models._models_py3.ResourceDetails

Details of the Azure resource that was assessed.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters

source (str) – Required. Constant filled by server.

Variables

id (str) – Azure resource Id of the assessed resource

class azure.mgmt.security.models.AzureResourceLink(**kwargs)

Bases: msrest.serialization.Model

Describes an Azure resource with kind.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Azure resource Id

class azure.mgmt.security.models.CVE(**kwargs)

Bases: msrest.serialization.Model

CVE details.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• title (str) – CVE title

• link (str) – Link url

class azure.mgmt.security.models.CVSS(**kwargs)

Bases: msrest.serialization.Model

CVSS details.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

base (float) – CVSS base

class azure.mgmt.security.models.Category(value)

Bases: str, enum.Enum

An enumeration.

compute = 'Compute'

data = 'Data'

identity_and_access = 'IdentityAndAccess'

io_t = 'IoT'

networking = 'Networking'

class azure.mgmt.security.models.CefExternalSecuritySolution(*, properties=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.ExternalSecuritySolution

Represents a security solution which sends CEF logs to an OMS workspace.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• location (str) – Location where the resource is stored

Parameters

• kind (str) – Required. Constant filled by server.

• properties (CefSolutionProperties) –

class azure.mgmt.security.models.CefSolutionProperties(*, additional_properties=None, device_vendor: str = None, device_type: str = None, workspace=None, hostname: str = None, agent: str = None, last_event_received: str = None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.ExternalSecuritySolutionProperties

The external security solution properties for CEF solutions.

Parameters

• additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection

• device_vendor (str) –

• device_type (str) –

• workspace (ConnectedWorkspace) –

• hostname (str) –

• agent (str) –

• last_event_received (str) –

class azure.mgmt.security.models.Compliance(**kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Compliance of a scope.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• assessment_timestamp_utc_date (datetime) – The timestamp when the Compliance calculation was conducted.

• resource_count (int) – The resource count of the given subscription for which the Compliance calculation was conducted (needed for Management Group Compliance calculation).

• assessment_result (list[ComplianceSegment]) – An array of segment, which is the actually the compliance assessment.

class azure.mgmt.security.models.CompliancePaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of Compliance object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.ComplianceResult(**kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

a compliance result.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• resource_status (str or ResourceStatus) – The status of the resource regarding a single assessment. Possible values include: ‘Healthy’, ‘NotApplicable’, ‘OffByPolicy’, ‘NotHealthy’

class azure.mgmt.security.models.ComplianceResultPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of ComplianceResult object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.ComplianceSegment(**kwargs)

Bases: msrest.serialization.Model

A segment of a compliance assessment.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• segment_type (str) – The segment type, e.g. compliant, non-compliance, insufficient coverage, N/A, etc.

• percentage (float) – The size (%) of the segment.

class azure.mgmt.security.models.ConnectableResource(**kwargs)

Bases: msrest.serialization.Model

Describes the allowed inbound and outbound traffic of an Azure resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – The Azure resource id

• inbound_connected_resources (list[ConnectedResource]) – The list of Azure resources that the resource has inbound allowed connection from

• outbound_connected_resources (list[ConnectedResource]) – The list of Azure resources that the resource has outbound allowed connection to

class azure.mgmt.security.models.ConnectedResource(**kwargs)

Bases: msrest.serialization.Model

Describes properties of a connected resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• connected_resource_id (str) – The Azure resource id of the connected resource

• tcp_ports (str) – The allowed tcp ports

• udp_ports (str) – The allowed udp ports

class azure.mgmt.security.models.ConnectedWorkspace(*, id: str = None, **kwargs)

Bases: msrest.serialization.Model

Represents an OMS workspace to which the solution is connected.

Parameters

id (str) – Azure resource ID of the connected OMS workspace

class azure.mgmt.security.models.ConnectionToIpNotAllowed(*, is_enabled: bool, allowlist_values, **kwargs)

Bases: azure.mgmt.security.models._models_py3.AllowlistCustomAlertRule

Outbound connection to an ip that isn’t allowed. Allow list consists of ipv4 or ipv6 range in CIDR notation.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

• value_type (str or ValueType) – The value type of the items in the list. Possible values include: ‘IpCidr’, ‘String’

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• allowlist_values (list[str]) – Required. The values to allow. The format of the values depends on the rule type.

class azure.mgmt.security.models.ConnectionType(value)

Bases: str, enum.Enum

An enumeration.

external = 'External'

internal = 'Internal'

class azure.mgmt.security.models.ContainerRegistryVulnerabilityProperties(**kwargs)

Bases: azure.mgmt.security.models._models_py3.AdditionalData

Additional context fields for container registry Vulnerability assessment.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters

assessed_resource_type (str) – Required. Constant filled by server.

Variables

• type (str) – Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered, Vulnerability

• cvss (dict[str, CVSS]) – Dictionary from cvss version to cvss details object

• patchable (bool) – Indicates whether a patch is available or not

• cve (list[CVE]) – List of CVEs

• published_time (datetime) – Published time

• vendor_references (list[VendorReference]) –

• repository_name (str) – Name of the repository which the vulnerable image belongs to

• image_digest (str) – Digest of the vulnerable image

class azure.mgmt.security.models.ControlType(value)

Bases: str, enum.Enum

An enumeration.

built_in = 'BuiltIn'

Azure Security Center managed assessments

custom = 'Custom'

Non Azure Security Center managed assessments

class azure.mgmt.security.models.CustomAlertRule(*, is_enabled: bool, **kwargs)

Bases: msrest.serialization.Model

A custom alert rule.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: ThresholdCustomAlertRule, ListCustomAlertRule

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

class azure.mgmt.security.models.DataExportSettings(*, enabled: bool, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Setting

Represents a data export setting.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

Parameters

• kind (str) – Required. Constant filled by server.

• enabled (bool) – Required. Is the data export setting is enabled

class azure.mgmt.security.models.DataSource(value)

Bases: str, enum.Enum

An enumeration.

twin_data = 'TwinData'

Devices twin data

class azure.mgmt.security.models.DenylistCustomAlertRule(*, is_enabled: bool, denylist_values, **kwargs)

Bases: azure.mgmt.security.models._models_py3.ListCustomAlertRule

A custom alert rule that checks if a value (depends on the custom alert type) is denied.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

• value_type (str or ValueType) – The value type of the items in the list. Possible values include: ‘IpCidr’, ‘String’

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• denylist_values (list[str]) – Required. The values to deny. The format of the values depends on the rule type.

class azure.mgmt.security.models.DeviceSecurityGroup(*, threshold_rules=None, time_window_rules=None, allowlist_rules=None, denylist_rules=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

The device security group resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

Parameters

• threshold_rules (list[ThresholdCustomAlertRule]) – The list of custom alert threshold rules.

• time_window_rules (list[TimeWindowCustomAlertRule]) – The list of custom alert time-window rules.

• allowlist_rules (list[AllowlistCustomAlertRule]) – The allow-list custom alert rules.

• denylist_rules (list[DenylistCustomAlertRule]) – The deny-list custom alert rules.

class azure.mgmt.security.models.DeviceSecurityGroupPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of DeviceSecurityGroup object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.DirectMethodInvokesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of direct method invokes is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.Direction(value)

Bases: str, enum.Enum

An enumeration.

inbound = 'Inbound'

outbound = 'Outbound'

class azure.mgmt.security.models.DiscoveredSecuritySolution(*, security_family, offer: str, publisher: str, sku: str, **kwargs)

Bases: msrest.serialization.Model

DiscoveredSecuritySolution.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• location (str) – Location where the resource is stored

Parameters

• security_family (str or SecurityFamily) – Required. The security family of the discovered solution. Possible values include: ‘Waf’, ‘Ngfw’, ‘SaasWaf’, ‘Va’

• offer (str) – Required. The security solutions’ image offer

• publisher (str) – Required. The security solutions’ image publisher

• sku (str) – Required. The security solutions’ image sku

class azure.mgmt.security.models.DiscoveredSecuritySolutionPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of DiscoveredSecuritySolution object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.ETag(*, etag: str = None, **kwargs)

Bases: msrest.serialization.Model

Entity tag is used for comparing two or more entities from the same requested resource.

Parameters

etag (str) – Entity tag is used for comparing two or more entities from the same requested resource.

class azure.mgmt.security.models.EffectiveNetworkSecurityGroups(*, network_interface: str = None, network_security_groups=None, **kwargs)

Bases: msrest.serialization.Model

Describes the Network Security Groups effective on a network interface.

Parameters

• network_interface (str) – The Azure resource ID of the network interface

• network_security_groups (list[str]) – The Network Security Groups effective on the network interface

class azure.mgmt.security.models.EventSource(value)

Bases: str, enum.Enum

An enumeration.

alerts = 'Alerts'

assessments = 'Assessments'

class azure.mgmt.security.models.ExpandControlsEnum(value)

Bases: str, enum.Enum

An enumeration.

definition = 'definition'

Add definition object for each control

class azure.mgmt.security.models.ExpandEnum(value)

Bases: str, enum.Enum

An enumeration.

links = 'links'

All links associated with an assessment

metadata = 'metadata'

Assessment metadata

class azure.mgmt.security.models.ExportData(value)

Bases: str, enum.Enum

An enumeration.

raw_events = 'RawEvents'

Agent raw events

class azure.mgmt.security.models.ExternalSecuritySolution(**kwargs)

Bases: msrest.serialization.Model

Represents a security solution external to Azure Security Center which sends information to an OMS workspace and whose data is displayed by Azure Security Center.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: CefExternalSecuritySolution, AtaExternalSecuritySolution, AadExternalSecuritySolution

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• location (str) – Location where the resource is stored

Parameters

kind (str) – Required. Constant filled by server.

class azure.mgmt.security.models.ExternalSecuritySolutionKind(value)

Bases: str, enum.Enum

An enumeration.

aad = 'AAD'

ata = 'ATA'

cef = 'CEF'

class azure.mgmt.security.models.ExternalSecuritySolutionKind1(*, kind=None, **kwargs)

Bases: msrest.serialization.Model

Describes an Azure resource with kind.

Parameters

kind (str or ExternalSecuritySolutionKind) – The kind of the external solution. Possible values include: ‘CEF’, ‘ATA’, ‘AAD’

class azure.mgmt.security.models.ExternalSecuritySolutionPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of ExternalSecuritySolution object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.ExternalSecuritySolutionProperties(*, additional_properties=None, device_vendor: str = None, device_type: str = None, workspace=None, **kwargs)

Bases: msrest.serialization.Model

The solution properties (correspond to the solution kind).

Parameters

• additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection

• device_vendor (str) –

• device_type (str) –

• workspace (ConnectedWorkspace) –

class azure.mgmt.security.models.FailedLocalLoginsNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of failed local logins is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.FileUploadsNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of file uploads is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.HttpC2DMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of cloud to device messages (HTTP protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.HttpC2DRejectedMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of rejected cloud to device messages (HTTP protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.HttpD2CMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of device to cloud messages (HTTP protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.ImplementationEffort(value)

Bases: str, enum.Enum

An enumeration.

high = 'High'

low = 'Low'

moderate = 'Moderate'

class azure.mgmt.security.models.InformationProtectionKeyword(*, pattern: str = None, custom: bool = None, can_be_numeric: bool = None, excluded: bool = None, **kwargs)

Bases: msrest.serialization.Model

The information type keyword.

Parameters

• pattern (str) – The keyword pattern.

• custom (bool) – Indicates whether the keyword is custom or not.

• can_be_numeric (bool) – Indicates whether the keyword can be applied on numeric types or not.

• excluded (bool) – Indicates whether the keyword is excluded or not.

class azure.mgmt.security.models.InformationProtectionPolicy(*, labels=None, information_types=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Information protection policy.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• last_modified_utc (datetime) – Describes the last UTC time the policy was modified.

• version (str) – Describes the version of the policy.

Parameters

• labels (dict[str, SensitivityLabel]) – Dictionary of sensitivity labels.

• information_types (dict[str, InformationType]) – The sensitivity information types.

class azure.mgmt.security.models.InformationProtectionPolicyPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of InformationProtectionPolicy object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.InformationType(*, display_name: str = None, description: str = None, order: int = None, recommended_label_id: str = None, enabled: bool = None, custom: bool = None, keywords=None, **kwargs)

Bases: msrest.serialization.Model

The information type.

Parameters

• display_name (str) – The name of the information type.

• description (str) – The description of the information type.

• order (int) – The order of the information type.

• recommended_label_id (str) – The recommended label id to be associated with this information type.

• enabled (bool) – Indicates whether the information type is enabled or not.

• custom (bool) – Indicates whether the information type is custom or not.

• keywords (list[InformationProtectionKeyword]) – The information type keywords.

class azure.mgmt.security.models.IoTSecurityAggregatedAlert(*, tags=None, **kwargs)

Bases: msrest.serialization.Model

Security Solution Aggregated Alert information.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• alert_type (str) – Name of the alert type.

• alert_display_name (str) – Display name of the alert type.

• aggregated_date_utc (date) – Date of detection.

• vendor_name (str) – Name of the organization that raised the alert.

• reported_severity (str or ReportedSeverity) – Assessed alert severity. Possible values include: ‘Informational’, ‘Low’, ‘Medium’, ‘High’

• remediation_steps (str) – Recommended steps for remediation.

• description (str) – Description of the suspected vulnerability and meaning.

• count (int) – Number of alerts occurrences within the aggregated time window.

• effected_resource_type (str) – Azure resource ID of the resource that received the alerts.

• system_source (str) – The type of the alerted resource (Azure, Non-Azure).

• action_taken (str) – IoT Security solution alert response.

• log_analytics_query (str) – Log analytics query for getting the list of affected devices/alerts.

• top_devices_list (list[IoTSecurityAggregatedAlertPropertiesTopDevicesListItem]) – 10 devices with the highest number of occurrences of this alert type, on this day.

Parameters

tags (dict[str, str]) – Resource tags

class azure.mgmt.security.models.IoTSecurityAggregatedAlertPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of IoTSecurityAggregatedAlert object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.IoTSecurityAggregatedAlertPropertiesTopDevicesListItem(**kwargs)

Bases: msrest.serialization.Model

IoTSecurityAggregatedAlertPropertiesTopDevicesListItem.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• device_id (str) – Name of the device.

• alerts_count (int) – Number of alerts raised for this device.

• last_occurrence (str) – Most recent time this alert was raised for this device, on this day.

class azure.mgmt.security.models.IoTSecurityAggregatedRecommendation(*, tags=None, recommendation_name: str = None, **kwargs)

Bases: msrest.serialization.Model

IoT Security solution recommendation information.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• recommendation_display_name (str) – Display name of the recommendation type.

• description (str) – Description of the suspected vulnerability and meaning.

• recommendation_type_id (str) – Recommendation-type GUID.

• detected_by (str) – Name of the organization that made the recommendation.

• remediation_steps (str) – Recommended steps for remediation

• reported_severity (str or ReportedSeverity) – Assessed recommendation severity. Possible values include: ‘Informational’, ‘Low’, ‘Medium’, ‘High’

• healthy_devices (int) – Number of healthy devices within the IoT Security solution.

• unhealthy_device_count (int) – Number of unhealthy devices within the IoT Security solution.

• log_analytics_query (str) – Log analytics query for getting the list of affected devices/alerts.

Parameters

• tags (dict[str, str]) – Resource tags

• recommendation_name (str) – Name of the recommendation.

class azure.mgmt.security.models.IoTSecurityAggregatedRecommendationPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of IoTSecurityAggregatedRecommendation object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.IoTSecurityAlertedDevice(**kwargs)

Bases: msrest.serialization.Model

Statistical information about the number of alerts per device during last set number of days.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• device_id (str) – Device identifier.

• alerts_count (int) – Number of alerts raised for this device.

class azure.mgmt.security.models.IoTSecurityDeviceAlert(**kwargs)

Bases: msrest.serialization.Model

Statistical information about the number of alerts per alert type during last set number of days.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• alert_display_name (str) – Display name of the alert

• reported_severity (str or ReportedSeverity) – Assessed Alert severity. Possible values include: ‘Informational’, ‘Low’, ‘Medium’, ‘High’

• alerts_count (int) – Number of alerts raised for this alert type.

class azure.mgmt.security.models.IoTSecurityDeviceRecommendation(**kwargs)

Bases: msrest.serialization.Model

Statistical information about the number of recommendations per device, per recommendation type.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• recommendation_display_name (str) – Display name of the recommendation.

• reported_severity (str or ReportedSeverity) – Assessed recommendation severity. Possible values include: ‘Informational’, ‘Low’, ‘Medium’, ‘High’

• devices_count (int) – Number of devices with this recommendation.

class azure.mgmt.security.models.IoTSecuritySolutionAnalyticsModel(*, top_alerted_devices=None, most_prevalent_device_alerts=None, most_prevalent_device_recommendations=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Security analytics of your IoT Security solution.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• metrics (IoTSeverityMetrics) – Security analytics of your IoT Security solution.

• unhealthy_device_count (int) – Number of unhealthy devices within your IoT Security solution.

• devices_metrics (list[IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem]) – List of device metrics by the aggregation date.

Parameters

• top_alerted_devices (list[IoTSecurityAlertedDevice]) – List of the 3 devices with the most alerts.

• most_prevalent_device_alerts (list[IoTSecurityDeviceAlert]) – List of the 3 most prevalent device alerts.

• most_prevalent_device_recommendations (list[IoTSecurityDeviceRecommendation]) – List of the 3 most prevalent device recommendations.

class azure.mgmt.security.models.IoTSecuritySolutionAnalyticsModelList(*, value, **kwargs)

Bases: msrest.serialization.Model

List of Security analytics of your IoT Security solution.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters

value (list[IoTSecuritySolutionAnalyticsModel]) – Required. List of Security analytics of your IoT Security solution

Variables

next_link (str) – When there is too much alert data for one page, use this URI to fetch the next page.

class azure.mgmt.security.models.IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem(*, date_property=None, devices_metrics=None, **kwargs)

Bases: msrest.serialization.Model

IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem.

Parameters

• date_property (datetime) – Aggregation of IoT Security solution device alert metrics by date.

• devices_metrics (IoTSeverityMetrics) – Device alert count by severity.

class azure.mgmt.security.models.IoTSecuritySolutionModel(*, display_name: str, iot_hubs, tags=None, location: str = None, workspace: str = None, status='Enabled', export=None, disabled_data_sources=None, user_defined_resources=None, recommendations_configuration=None, unmasked_ip_logging_status='Disabled', **kwargs)

Bases: msrest.serialization.Model

IoT Security solution configuration and resource information.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• auto_discovered_resources (list[str]) – List of resources that were automatically discovered as relevant to the security solution.

Parameters

• tags (dict[str, str]) – Resource tags

• location (str) – The resource location.

• workspace (str) – Workspace resource ID

• display_name (str) – Required. Resource display name.

• status (str or SecuritySolutionStatus) – Status of the IoT Security solution. Possible values include: ‘Enabled’, ‘Disabled’. Default value: “Enabled” .

• export (list[str or ExportData]) – List of additional options for exporting to workspace data.

• disabled_data_sources (list[str or DataSource]) – Disabled data sources. Disabling these data sources compromises the system.

• iot_hubs (list[str]) – Required. IoT Hub resource IDs

• user_defined_resources (UserDefinedResourcesProperties) –

• recommendations_configuration (list[RecommendationConfigurationProperties]) –

• unmasked_ip_logging_status (str or UnmaskedIpLoggingStatus) – Unmasked IP address logging status. Possible values include: ‘Disabled’, ‘Enabled’. Default value: “Disabled” .

class azure.mgmt.security.models.IoTSecuritySolutionModelPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of IoTSecuritySolutionModel object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.IoTSeverityMetrics(*, high: int = None, medium: int = None, low: int = None, **kwargs)

Bases: msrest.serialization.Model

IoT Security solution analytics severity metrics.

Parameters

• high (int) – Count of high severity alerts/recommendations.

• medium (int) – Count of medium severity alerts/recommendations.

• low (int) – Count of low severity alerts/recommendations.

class azure.mgmt.security.models.JitNetworkAccessPolicy(*, virtual_machines, kind: str = None, requests=None, **kwargs)

Bases: msrest.serialization.Model

JitNetworkAccessPolicy.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• location (str) – Location where the resource is stored

• provisioning_state (str) – Gets the provisioning state of the Just-in-Time policy.

Parameters

• kind (str) – Kind of the resource

• virtual_machines (list[JitNetworkAccessPolicyVirtualMachine]) – Required. Configurations for Microsoft.Compute/virtualMachines resource type.

• requests (list[JitNetworkAccessRequest]) –

class azure.mgmt.security.models.JitNetworkAccessPolicyInitiatePort(*, number: int, end_time_utc, allowed_source_address_prefix: str = None, **kwargs)

Bases: msrest.serialization.Model

JitNetworkAccessPolicyInitiatePort.

All required parameters must be populated in order to send to Azure.

Parameters

• number (int) – Required.

• allowed_source_address_prefix (str) – Source of the allowed traffic. If omitted, the request will be for the source IP address of the initiate request.

• end_time_utc (datetime) – Required. The time to close the request in UTC

class azure.mgmt.security.models.JitNetworkAccessPolicyInitiateRequest(*, virtual_machines, justification: str = None, **kwargs)

Bases: msrest.serialization.Model

JitNetworkAccessPolicyInitiateRequest.

All required parameters must be populated in order to send to Azure.

Parameters

• virtual_machines (list[JitNetworkAccessPolicyInitiateVirtualMachine]) – Required. A list of virtual machines & ports to open access for

• justification (str) – The justification for making the initiate request

class azure.mgmt.security.models.JitNetworkAccessPolicyInitiateVirtualMachine(*, id: str, ports, **kwargs)

Bases: msrest.serialization.Model

JitNetworkAccessPolicyInitiateVirtualMachine.

All required parameters must be populated in order to send to Azure.

Parameters

• id (str) – Required. Resource ID of the virtual machine that is linked to this policy

• ports (list[JitNetworkAccessPolicyInitiatePort]) – Required. The ports to open for the resource with the id

class azure.mgmt.security.models.JitNetworkAccessPolicyPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of JitNetworkAccessPolicy object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.JitNetworkAccessPolicyVirtualMachine(*, id: str, ports, public_ip_address: str = None, **kwargs)

Bases: msrest.serialization.Model

JitNetworkAccessPolicyVirtualMachine.

All required parameters must be populated in order to send to Azure.

Parameters

• id (str) – Required. Resource ID of the virtual machine that is linked to this policy

• ports (list[JitNetworkAccessPortRule]) – Required. Port configurations for the virtual machine

• public_ip_address (str) – Public IP address of the Azure Firewall that is linked to this policy, if applicable

class azure.mgmt.security.models.JitNetworkAccessPortRule(*, number: int, protocol, max_request_access_duration: str, allowed_source_address_prefix: str = None, allowed_source_address_prefixes=None, **kwargs)

Bases: msrest.serialization.Model

JitNetworkAccessPortRule.

All required parameters must be populated in order to send to Azure.

Parameters

• number (int) – Required.

• protocol (str or Protocol) – Required. Possible values include: ‘TCP’, ‘UDP’, ‘All’

• allowed_source_address_prefix (str) – Mutually exclusive with the “allowedSourceAddressPrefixes” parameter. Should be an IP address or CIDR, for example “192.168.0.3” or “192.168.0.0/16”.

• allowed_source_address_prefixes (list[str]) – Mutually exclusive with the “allowedSourceAddressPrefix” parameter.

• max_request_access_duration (str) – Required. Maximum duration requests can be made for. In ISO 8601 duration format. Minimum 5 minutes, maximum 1 day

class azure.mgmt.security.models.JitNetworkAccessRequest(*, virtual_machines, start_time_utc, requestor: str, justification: str = None, **kwargs)

Bases: msrest.serialization.Model

JitNetworkAccessRequest.

All required parameters must be populated in order to send to Azure.

Parameters

• virtual_machines (list[JitNetworkAccessRequestVirtualMachine]) – Required.

• start_time_utc (datetime) – Required. The start time of the request in UTC

• requestor (str) – Required. The identity of the person who made the request

• justification (str) – The justification for making the initiate request

class azure.mgmt.security.models.JitNetworkAccessRequestPort(*, number: int, end_time_utc, status, status_reason, allowed_source_address_prefix: str = None, allowed_source_address_prefixes=None, mapped_port: int = None, **kwargs)

Bases: msrest.serialization.Model

JitNetworkAccessRequestPort.

All required parameters must be populated in order to send to Azure.

Parameters

• number (int) – Required.

• allowed_source_address_prefix (str) – Mutually exclusive with the “allowedSourceAddressPrefixes” parameter. Should be an IP address or CIDR, for example “192.168.0.3” or “192.168.0.0/16”.

• allowed_source_address_prefixes (list[str]) – Mutually exclusive with the “allowedSourceAddressPrefix” parameter.

• end_time_utc (datetime) – Required. The date & time at which the request ends in UTC

• status (str or Status) – Required. The status of the port. Possible values include: ‘Revoked’, ‘Initiated’

• status_reason (str or StatusReason) – Required. A description of why the status has its value. Possible values include: ‘Expired’, ‘UserRequested’, ‘NewerRequestInitiated’

• mapped_port (int) – The port which is mapped to this port’s number in the Azure Firewall, if applicable

class azure.mgmt.security.models.JitNetworkAccessRequestVirtualMachine(*, id: str, ports, **kwargs)

Bases: msrest.serialization.Model

JitNetworkAccessRequestVirtualMachine.

All required parameters must be populated in order to send to Azure.

Parameters

• id (str) – Required. Resource ID of the virtual machine that is linked to this policy

• ports (list[JitNetworkAccessRequestPort]) – Required. The ports that were opened for the virtual machine

class azure.mgmt.security.models.Kind(*, kind: str = None, **kwargs)

Bases: msrest.serialization.Model

Describes an Azure resource with kind.

Parameters

kind (str) – Kind of the resource

class azure.mgmt.security.models.ListCustomAlertRule(*, is_enabled: bool, **kwargs)

Bases: azure.mgmt.security.models._models_py3.CustomAlertRule

A List custom alert rule.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: AllowlistCustomAlertRule, DenylistCustomAlertRule

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

• value_type (str or ValueType) – The value type of the items in the list. Possible values include: ‘IpCidr’, ‘String’

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

class azure.mgmt.security.models.LocalUserNotAllowed(*, is_enabled: bool, allowlist_values, **kwargs)

Bases: azure.mgmt.security.models._models_py3.AllowlistCustomAlertRule

Login by a local user that isn’t allowed. Allow list consists of login names to allow.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

• value_type (str or ValueType) – The value type of the items in the list. Possible values include: ‘IpCidr’, ‘String’

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• allowlist_values (list[str]) – Required. The values to allow. The format of the values depends on the rule type.

class azure.mgmt.security.models.Location(**kwargs)

Bases: msrest.serialization.Model

Describes an Azure resource with location.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

location (str) – Location where the resource is stored

class azure.mgmt.security.models.MqttC2DMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of cloud to device messages (MQTT protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.MqttC2DRejectedMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of rejected cloud to device messages (MQTT protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.MqttD2CMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of device to cloud messages (MQTT protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.OnPremiseResourceDetails(*, workspace_id: str, vmuuid: str, source_computer_id: str, machine_name: str, **kwargs)

Bases: azure.mgmt.security.models._models_py3.ResourceDetails

Details of the On Premise resource that was assessed.

All required parameters must be populated in order to send to Azure.

Parameters

• source (str) – Required. Constant filled by server.

• workspace_id (str) – Required. Azure resource Id of the workspace the machine is attached to

• vmuuid (str) – Required. The unique Id of the machine

• source_computer_id (str) – Required. The oms agent Id installed on the machine

• machine_name (str) – Required. The name of the machine

class azure.mgmt.security.models.Operation(*, display=None, **kwargs)

Bases: msrest.serialization.Model

Possible operation in the REST API of Microsoft.Security.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• name (str) – Name of the operation

• origin (str) – Where the operation is originated

Parameters

display (OperationDisplay) –

class azure.mgmt.security.models.OperationDisplay(**kwargs)

Bases: msrest.serialization.Model

Security operation display.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• provider (str) – The resource provider for the operation.

• resource (str) – The display name of the resource the operation applies to.

• operation (str) – The display name of the security operation.

• description (str) – The description of the operation.

class azure.mgmt.security.models.OperationPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of Operation object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.Operator(value)

Bases: str, enum.Enum

An enumeration.

contains = 'Contains'

ends_with = 'EndsWith'

equals = 'Equals'

greater_than = 'GreaterThan'

greater_than_or_equal_to = 'GreaterThanOrEqualTo'

lesser_than = 'LesserThan'

lesser_than_or_equal_to = 'LesserThanOrEqualTo'

not_equals = 'NotEquals'

starts_with = 'StartsWith'

class azure.mgmt.security.models.PathRecommendation(*, path: str = None, action=None, type=None, publisher_info=None, common: bool = None, user_sids=None, usernames=None, file_type=None, configuration_status=None, **kwargs)

Bases: msrest.serialization.Model

Represents a path that is recommended to be allowed and its properties.

Parameters

• path (str) – The full path to whitelist

• action (str or enum) – Possible values include: ‘Recommended’, ‘Add’, ‘Remove’

• type (str or enum) – Possible values include: ‘File’, ‘FileHash’, ‘PublisherSignature’, ‘ProductSignature’, ‘BinarySignature’, ‘VersionAndAboveSignature’

• publisher_info (PublisherInfo) –

• common (bool) – Whether the path is commonly run on the machine

• user_sids (list[str]) –

• usernames (list[UserRecommendation]) –

• file_type (str or enum) – Possible values include: ‘Exe’, ‘Dll’, ‘Msi’, ‘Script’, ‘Executable’, ‘Unknown’

• configuration_status (str or enum) – Possible values include: ‘Configured’, ‘NotConfigured’, ‘InProgress’, ‘Failed’, ‘NoStatus’

class azure.mgmt.security.models.Pricing(*, pricing_tier, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• free_trial_remaining_time (timedelta) – The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).

Parameters

pricing_tier (str or PricingTier) – Required. The pricing tier value. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. Possible values include: ‘Free’, ‘Standard’

class azure.mgmt.security.models.PricingList(*, value, **kwargs)

Bases: msrest.serialization.Model

List of pricing configurations response.

All required parameters must be populated in order to send to Azure.

Parameters

value (list[Pricing]) – Required. List of pricing configurations

class azure.mgmt.security.models.PricingTier(value)

Bases: str, enum.Enum

An enumeration.

free = 'Free'

Get free Azure security center experience with basic security features

standard = 'Standard'

Get the standard Azure security center experience with advanced security features

class azure.mgmt.security.models.ProcessNotAllowed(*, is_enabled: bool, allowlist_values, **kwargs)

Bases: azure.mgmt.security.models._models_py3.AllowlistCustomAlertRule

Execution of a process that isn’t allowed. Allow list consists of process names to allow.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

• value_type (str or ValueType) – The value type of the items in the list. Possible values include: ‘IpCidr’, ‘String’

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• allowlist_values (list[str]) – Required. The values to allow. The format of the values depends on the rule type.

class azure.mgmt.security.models.PropertyType(value)

Bases: str, enum.Enum

An enumeration.

boolean = 'Boolean'

integer = 'Integer'

number = 'Number'

string = 'String'

class azure.mgmt.security.models.ProtectionMode(*, exe=None, msi=None, script=None, executable=None, **kwargs)

Bases: msrest.serialization.Model

The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux.

Parameters

• exe (str or enum) – Possible values include: ‘Audit’, ‘Enforce’, ‘None’

• msi (str or enum) – Possible values include: ‘Audit’, ‘Enforce’, ‘None’

• script (str or enum) – Possible values include: ‘Audit’, ‘Enforce’, ‘None’

• executable (str or enum) – Possible values include: ‘Audit’, ‘Enforce’, ‘None’

class azure.mgmt.security.models.Protocol(value)

Bases: str, enum.Enum

An enumeration.

all = '*'

tcp = 'TCP'

udp = 'UDP'

class azure.mgmt.security.models.PublisherInfo(*, publisher_name: str = None, product_name: str = None, binary_name: str = None, version: str = None, **kwargs)

Bases: msrest.serialization.Model

Represents the publisher information of a process/rule.

Parameters

• publisher_name (str) – The Subject field of the x.509 certificate used to sign the code, using the following fields - O = Organization, L = Locality, S = State or Province, and C = Country

• product_name (str) – The product name taken from the file’s version resource

• binary_name (str) – The “OriginalName” field taken from the file’s version resource

• version (str) – The binary file version taken from the file’s version resource

class azure.mgmt.security.models.QueuePurgesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of device queue purges is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.Rank(value)

Bases: str, enum.Enum

An enumeration.

critical = 'Critical'

high = 'High'

low = 'Low'

medium = 'Medium'

none = 'None'

class azure.mgmt.security.models.RecommendationConfigStatus(value)

Bases: str, enum.Enum

An enumeration.

disabled = 'Disabled'

enabled = 'Enabled'

class azure.mgmt.security.models.RecommendationConfigurationProperties(*, recommendation_type, status='Enabled', **kwargs)

Bases: msrest.serialization.Model

The type of IoT Security recommendation.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters

• recommendation_type (str or RecommendationType) – Required. The type of IoT Security recommendation. Possible values include: ‘IoT_ACRAuthentication’, ‘IoT_AgentSendsUnutilizedMessages’, ‘IoT_Baseline’, ‘IoT_EdgeHubMemOptimize’, ‘IoT_EdgeLoggingOptions’, ‘IoT_InconsistentModuleSettings’, ‘IoT_InstallAgent’, ‘IoT_IPFilter_DenyAll’, ‘IoT_IPFilter_PermissiveRule’, ‘IoT_OpenPorts’, ‘IoT_PermissiveFirewallPolicy’, ‘IoT_PermissiveInputFirewallRules’, ‘IoT_PermissiveOutputFirewallRules’, ‘IoT_PrivilegedDockerOptions’, ‘IoT_SharedCredentials’, ‘IoT_VulnerableTLSCipherSuite’

• status (str or RecommendationConfigStatus) – Required. Recommendation status. When the recommendation status is disabled recommendations are not generated. Possible values include: ‘Disabled’, ‘Enabled’. Default value: “Enabled” .

Variables

name (str) –

class azure.mgmt.security.models.RecommendationType(value)

Bases: str, enum.Enum

An enumeration.

io_t_acrauthentication = 'IoT_ACRAuthentication'

Authentication schema used for pull an edge module from an ACR repository does not use Service Principal Authentication.

io_t_agent_sends_unutilized_messages = 'IoT_AgentSendsUnutilizedMessages'

IoT agent message size capacity is currently underutilized, causing an increase in the number of sent messages. Adjust message intervals for better utilization.

io_t_baseline = 'IoT_Baseline'

Identified security related system configuration issues.

io_t_edge_hub_mem_optimize = 'IoT_EdgeHubMemOptimize'

You can optimize Edge Hub memory usage by turning off protocol heads for any protocols not used by Edge modules in your solution.

io_t_edge_logging_options = 'IoT_EdgeLoggingOptions'

Logging is disabled for this edge module.

io_t_inconsistent_module_settings = 'IoT_InconsistentModuleSettings'

A minority within a device security group has inconsistent Edge Module settings with the rest of their group.

io_t_install_agent = 'IoT_InstallAgent'

Install the Azure Security of Things Agent.

io_t_ipfilter_deny_all = 'IoT_IPFilter_DenyAll'

IP Filter Configuration should have rules defined for allowed traffic and should deny all other traffic by default.

io_t_ipfilter_permissive_rule = 'IoT_IPFilter_PermissiveRule'

An Allow IP Filter rules source IP range is too large. Overly permissive rules might expose your IoT hub to malicious intenders.

io_t_open_ports = 'IoT_OpenPorts'

A listening endpoint was found on the device.

io_t_permissive_firewall_policy = 'IoT_PermissiveFirewallPolicy'

An Allowed firewall policy was found (INPUT/OUTPUT). The policy should Deny all traffic by default and define rules to allow necessary communication to/from the device.

io_t_permissive_input_firewall_rules = 'IoT_PermissiveInputFirewallRules'

A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.

io_t_permissive_output_firewall_rules = 'IoT_PermissiveOutputFirewallRules'

A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.

io_t_privileged_docker_options = 'IoT_PrivilegedDockerOptions'

Edge module is configured to run in privileged mode, with extensive Linux capabilities or with host-level network access (send/receive data to host machine).

io_t_shared_credentials = 'IoT_SharedCredentials'

Same authentication credentials to the IoT Hub used by multiple devices. This could indicate an illegitimate device impersonating a legitimate device. It also exposes the risk of device impersonation by an attacker.

io_t_vulnerable_tls_cipher_suite = 'IoT_VulnerableTLSCipherSuite'

Insecure TLS configurations detected. Immediate upgrade recommended.

class azure.mgmt.security.models.RegulatoryComplianceAssessment(*, state=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Regulatory compliance assessment details and state.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• description (str) – The description of the regulatory compliance assessment

• assessment_type (str) – The expected type of assessment contained in the AssessmentDetailsLink

• assessment_details_link (str) – Link to more detailed assessment results data. The response type will be according to the assessmentType field

• passed_resources (int) – The given assessment’s related resources count with passed state.

• failed_resources (int) – The given assessment’s related resources count with failed state.

• skipped_resources (int) – The given assessment’s related resources count with skipped state.

• unsupported_resources (int) – The given assessment’s related resources count with unsupported state.

Parameters

state (str or State) – Aggregative state based on the assessment’s scanned resources states. Possible values include: ‘Passed’, ‘Failed’, ‘Skipped’, ‘Unsupported’

class azure.mgmt.security.models.RegulatoryComplianceAssessmentPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of RegulatoryComplianceAssessment object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.RegulatoryComplianceControl(*, state=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Regulatory compliance control details and state.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• description (str) – The description of the regulatory compliance control

• passed_assessments (int) – The number of supported regulatory compliance assessments of the given control with a passed state

• failed_assessments (int) – The number of supported regulatory compliance assessments of the given control with a failed state

• skipped_assessments (int) – The number of supported regulatory compliance assessments of the given control with a skipped state

Parameters

state (str or State) – Aggregative state based on the control’s supported assessments states. Possible values include: ‘Passed’, ‘Failed’, ‘Skipped’, ‘Unsupported’

class azure.mgmt.security.models.RegulatoryComplianceControlPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of RegulatoryComplianceControl object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.RegulatoryComplianceStandard(*, state=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Regulatory compliance standard details and state.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• passed_controls (int) – The number of supported regulatory compliance controls of the given standard with a passed state

• failed_controls (int) – The number of supported regulatory compliance controls of the given standard with a failed state

• skipped_controls (int) – The number of supported regulatory compliance controls of the given standard with a skipped state

• unsupported_controls (int) – The number of regulatory compliance controls of the given standard which are unsupported by automated assessments

Parameters

state (str or State) – Aggregative state based on the standard’s supported controls states. Possible values include: ‘Passed’, ‘Failed’, ‘Skipped’, ‘Unsupported’

class azure.mgmt.security.models.RegulatoryComplianceStandardPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of RegulatoryComplianceStandard object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.ReportedSeverity(value)

Bases: str, enum.Enum

An enumeration.

high = 'High'

informational = 'Informational'

low = 'Low'

medium = 'Medium'

class azure.mgmt.security.models.Resource(**kwargs)

Bases: msrest.serialization.Model

Describes an Azure resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

class azure.mgmt.security.models.ResourceDetails(**kwargs)

Bases: msrest.serialization.Model

Details of the resource that was assessed.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: OnPremiseResourceDetails, AzureResourceDetails

All required parameters must be populated in order to send to Azure.

Parameters

source (str) – Required. Constant filled by server.

class azure.mgmt.security.models.ResourceStatus(value)

Bases: str, enum.Enum

An enumeration.

healthy = 'Healthy'

This assessment on the resource is healthy

not_applicable = 'NotApplicable'

This assessment is not applicable to this resource

not_healthy = 'NotHealthy'

This assessment on the resource is not healthy

off_by_policy = 'OffByPolicy'

This assessment is turned off by policy on this subscription

class azure.mgmt.security.models.Rule(*, name: str = None, direction=None, destination_port: int = None, protocols=None, ip_addresses=None, **kwargs)

Bases: msrest.serialization.Model

Describes remote addresses that is recommended to communicate with the Azure resource on some (Protocol, Port, Direction). All other remote addresses are recommended to be blocked.

Parameters

• name (str) – The name of the rule

• direction (str or Direction) – The rule’s direction. Possible values include: ‘Inbound’, ‘Outbound’

• destination_port (int) – The rule’s destination port

• protocols (list[str or TransportProtocol]) – The rule’s transport protocols

• ip_addresses (list[str]) – The remote IP addresses that should be able to communicate with the Azure resource on the rule’s destination port and protocol

class azure.mgmt.security.models.RuleState(value)

Bases: str, enum.Enum

An enumeration.

disabled = 'Disabled'

enabled = 'Enabled'

expired = 'Expired'

class azure.mgmt.security.models.ScopeElement(*, additional_properties=None, field: str = None, **kwargs)

Bases: msrest.serialization.Model

A more specific scope used to identify the alerts to suppress.

Parameters

• additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection

• field (str) – The alert entity type to suppress by.

class azure.mgmt.security.models.SecureScoreControlDefinitionItem(**kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Information about the security control.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• display_name (str) – User friendly display name of the control

• description (str) – User friendly description of the control

• max_score (int) – Maximum control score (0..10)

• source (SecureScoreControlDefinitionSource) – Source object from which the control was created

• assessment_definitions (list[AzureResourceLink]) – Array of assessments metadata IDs that are included in this security control

class azure.mgmt.security.models.SecureScoreControlDefinitionItemPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of SecureScoreControlDefinitionItem object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.SecureScoreControlDefinitionSource(*, source_type=None, **kwargs)

Bases: msrest.serialization.Model

The type of the security control (For example, BuiltIn).

Parameters

source_type (str or ControlType) – The type of security control (for example, BuiltIn). Possible values include: ‘BuiltIn’, ‘Custom’

class azure.mgmt.security.models.SecureScoreControlDetails(*, definition=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Details of the security control, its score, and the health status of the relevant resources.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• display_name (str) – User friendly display name of the control

• max (int) – Maximum score available

• current (float) – Current score

• healthy_resource_count (int) – Number of healthy resources in the control

• unhealthy_resource_count (int) – Number of unhealthy resources in the control

• not_applicable_resource_count (int) – Number of not applicable resources in the control

Parameters

definition (SecureScoreControlDefinitionItem) –

class azure.mgmt.security.models.SecureScoreControlDetailsPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of SecureScoreControlDetails object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.SecureScoreControlScore(**kwargs)

Bases: msrest.serialization.Model

Calculation result data.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• max (int) – Maximum control score (0..10)

• current (float) – Actual score for the control = (achieved points / total points) * max score. if total points is zeroed, the return number is 0.00

class azure.mgmt.security.models.SecureScoreItem(**kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Secure score item data model.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• display_name (str) – The initiative’s name

• max (int) – Maximum score available

• current (float) – Current score

class azure.mgmt.security.models.SecureScoreItemPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of SecureScoreItem object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.SecurityAssessment(*, resource_details, status, additional_data=None, links=None, metadata=None, partners_data=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Security assessment on a resource.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• display_name (str) – User friendly display name of the assessment

Parameters

• resource_details (ResourceDetails) – Required.

• status (AssessmentStatus) – Required.

• additional_data (dict[str, str]) – Additional data regarding the assessment

• links (AssessmentLinks) –

• metadata (SecurityAssessmentMetadataProperties) –

• partners_data (SecurityAssessmentPartnerData) –

class azure.mgmt.security.models.SecurityAssessmentMetadata(*, display_name: str, severity, assessment_type, description: str = None, remediation_description: str = None, category=None, user_impact=None, implementation_effort=None, threats=None, preview: bool = None, partner_data=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Security assessment metadata.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• policy_definition_id (str) – Azure resource ID of the policy definition that turns this assessment calculation on

Parameters

• display_name (str) – Required. User friendly display name of the assessment

• description (str) – Human readable description of the assessment

• remediation_description (str) – Human readable description of what you should do to mitigate this security issue

• category (list[str or Category]) –

• severity (str or Severity) – Required. The severity level of the assessment. Possible values include: ‘Low’, ‘Medium’, ‘High’

• user_impact (str or UserImpact) – The user impact of the assessment. Possible values include: ‘Low’, ‘Moderate’, ‘High’

• implementation_effort (str or ImplementationEffort) – The implementation effort required to remediate this assessment. Possible values include: ‘Low’, ‘Moderate’, ‘High’

• threats (list[str or Threats]) –

• preview (bool) – True if this assessment is in preview release status

• assessment_type (str or AssessmentType) – Required. BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition. Possible values include: ‘BuiltIn’, ‘CustomPolicy’, ‘CustomerManaged’, ‘VerifiedPartner’

• partner_data (SecurityAssessmentMetadataPartnerData) –

class azure.mgmt.security.models.SecurityAssessmentMetadataPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of SecurityAssessmentMetadata object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.SecurityAssessmentMetadataPartnerData(*, partner_name: str, secret: str, product_name: str = None, **kwargs)

Bases: msrest.serialization.Model

Describes the partner that created the assessment.

All required parameters must be populated in order to send to Azure.

Parameters

• partner_name (str) – Required. Name of the company of the partner

• product_name (str) – Name of the product of the partner that created the assessment

• secret (str) – Required. Secret to authenticate the partner and verify it created the assessment - write only

class azure.mgmt.security.models.SecurityAssessmentMetadataProperties(*, display_name: str, severity, assessment_type, description: str = None, remediation_description: str = None, category=None, user_impact=None, implementation_effort=None, threats=None, preview: bool = None, partner_data=None, **kwargs)

Bases: msrest.serialization.Model

Describes properties of an assessment metadata.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters

• display_name (str) – Required. User friendly display name of the assessment

• description (str) – Human readable description of the assessment

• remediation_description (str) – Human readable description of what you should do to mitigate this security issue

• category (list[str or Category]) –

• severity (str or Severity) – Required. The severity level of the assessment. Possible values include: ‘Low’, ‘Medium’, ‘High’

• user_impact (str or UserImpact) – The user impact of the assessment. Possible values include: ‘Low’, ‘Moderate’, ‘High’

• implementation_effort (str or ImplementationEffort) – The implementation effort required to remediate this assessment. Possible values include: ‘Low’, ‘Moderate’, ‘High’

• threats (list[str or Threats]) –

• preview (bool) – True if this assessment is in preview release status

• assessment_type (str or AssessmentType) – Required. BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition. Possible values include: ‘BuiltIn’, ‘CustomPolicy’, ‘CustomerManaged’, ‘VerifiedPartner’

• partner_data (SecurityAssessmentMetadataPartnerData) –

Variables

policy_definition_id (str) – Azure resource ID of the policy definition that turns this assessment calculation on

class azure.mgmt.security.models.SecurityAssessmentPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of SecurityAssessment object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.SecurityAssessmentPartnerData(*, partner_name: str, secret: str, **kwargs)

Bases: msrest.serialization.Model

Data regarding 3rd party partner integration.

All required parameters must be populated in order to send to Azure.

Parameters

• partner_name (str) – Required. Name of the company of the partner

• secret (str) – Required. secret to authenticate the partner - write only

class azure.mgmt.security.models.SecurityContact(*, email: str, alert_notifications, alerts_to_admins, phone: str = None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Contact details for security issues.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

Parameters

• email (str) – Required. The email of this security contact

• phone (str) – The phone number of this security contact

• alert_notifications (str or AlertNotifications) – Required. Whether to send security alerts notifications to the security contact. Possible values include: ‘On’, ‘Off’

• alerts_to_admins (str or AlertsToAdmins) – Required. Whether to send security alerts notifications to subscription admins. Possible values include: ‘On’, ‘Off’

class azure.mgmt.security.models.SecurityContactPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of SecurityContact object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.SecurityFamily(value)

Bases: str, enum.Enum

An enumeration.

ngfw = 'Ngfw'

saas_waf = 'SaasWaf'

va = 'Va'

waf = 'Waf'

class azure.mgmt.security.models.SecuritySolutionStatus(value)

Bases: str, enum.Enum

An enumeration.

disabled = 'Disabled'

enabled = 'Enabled'

class azure.mgmt.security.models.SecuritySubAssessment(*, status=None, resource_details=None, additional_data=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Security sub-assessment on a resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• security_sub_assessment_id (str) – Vulnerability ID

• display_name (str) – User friendly display name of the sub-assessment

• remediation (str) – Information on how to remediate this sub-assessment

• impact (str) – Description of the impact of this sub-assessment

• category (str) – Category of the sub-assessment

• description (str) – Human readable description of the assessment status

• time_generated (datetime) – The date and time the sub-assessment was generated

Parameters

• status (SubAssessmentStatus) –

• resource_details (ResourceDetails) –

• additional_data (AdditionalData) –

class azure.mgmt.security.models.SecuritySubAssessmentPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of SecuritySubAssessment object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.SecurityTask(*, security_task_parameters=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Security task that we recommend to do in order to strengthen security.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• state (str) – State of the task (Active, Resolved etc.)

• creation_time_utc (datetime) – The time this task was discovered in UTC

• last_state_change_time_utc (datetime) – The time this task’s details were last changed in UTC

• sub_state (str) – Additional data on the state of the task

Parameters

security_task_parameters (SecurityTaskParameters) –

class azure.mgmt.security.models.SecurityTaskPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of SecurityTask object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.SecurityTaskParameters(*, additional_properties=None, **kwargs)

Bases: msrest.serialization.Model

Changing set of properties, depending on the task type that is derived from the name field.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters

additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection

Variables

name (str) – Name of the task type

class azure.mgmt.security.models.SensitivityLabel(*, display_name: str = None, description: str = None, rank=None, order: int = None, enabled: bool = None, **kwargs)

Bases: msrest.serialization.Model

The sensitivity label.

Parameters

• display_name (str) – The name of the sensitivity label.

• description (str) – The description of the sensitivity label.

• rank (str or Rank) – The rank of the sensitivity label. Possible values include: ‘None’, ‘Low’, ‘Medium’, ‘High’, ‘Critical’

• order (int) – The order of the sensitivity label.

• enabled (bool) – Indicates whether the label is enabled or not.

class azure.mgmt.security.models.ServerVulnerabilityAssessment(**kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Describes the server vulnerability assessment details on a resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• provisioning_state (str or enum) – The provisioningState of the vulnerability assessment capability on the VM. Possible values include: ‘Succeeded’, ‘Failed’, ‘Canceled’, ‘Provisioning’, ‘Deprovisioning’

class azure.mgmt.security.models.ServerVulnerabilityAssessmentsList(*, value=None, **kwargs)

Bases: msrest.serialization.Model

List of server vulnerability assessments.

Parameters

value (list[ServerVulnerabilityAssessment]) –

class azure.mgmt.security.models.ServerVulnerabilityProperties(**kwargs)

Bases: azure.mgmt.security.models._models_py3.AdditionalData

Additional context fields for server vulnerability assessment.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters

assessed_resource_type (str) – Required. Constant filled by server.

Variables

• type (str) – Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered

• cvss (dict[str, CVSS]) – Dictionary from cvss version to cvss details object

• patchable (bool) – Indicates whether a patch is available or not

• cve (list[CVE]) – List of CVEs

• threat (str) – Threat name

• published_time (datetime) – Published time

• vendor_references (list[VendorReference]) –

class azure.mgmt.security.models.Setting(**kwargs)

Bases: azure.mgmt.security.models._models_py3.SettingResource

Represents a security setting in Azure Security Center.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: DataExportSettings

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

Parameters

kind (str) – Required. Constant filled by server.

class azure.mgmt.security.models.SettingPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of Setting object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.SettingResource(**kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

The kind of the security setting.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: Setting

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

Parameters

kind (str) – Required. Constant filled by server.

class azure.mgmt.security.models.Severity(value)

Bases: str, enum.Enum

An enumeration.

high = 'High'

low = 'Low'

medium = 'Medium'

class azure.mgmt.security.models.SqlServerVulnerabilityProperties(**kwargs)

Bases: azure.mgmt.security.models._models_py3.AdditionalData

Details of the resource that was assessed.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters

assessed_resource_type (str) – Required. Constant filled by server.

Variables

• type (str) – The resource type the sub assessment refers to in its resource details

• query (str) – The T-SQL query that runs on your SQL database to perform the particular check

class azure.mgmt.security.models.State(value)

Bases: str, enum.Enum

An enumeration.

failed = 'Failed'

At least one supported regulatory compliance control in the given standard has a state of failed

passed = 'Passed'

All supported regulatory compliance controls in the given standard have a passed state

skipped = 'Skipped'

All supported regulatory compliance controls in the given standard have a state of skipped

unsupported = 'Unsupported'

No supported regulatory compliance data for the given standard

class azure.mgmt.security.models.Status(value)

Bases: str, enum.Enum

An enumeration.

initiated = 'Initiated'

revoked = 'Revoked'

class azure.mgmt.security.models.StatusReason(value)

Bases: str, enum.Enum

An enumeration.

expired = 'Expired'

newer_request_initiated = 'NewerRequestInitiated'

user_requested = 'UserRequested'

class azure.mgmt.security.models.SubAssessmentStatus(**kwargs)

Bases: msrest.serialization.Model

Status of the sub-assessment.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• code (str or SubAssessmentStatusCode) – Programmatic code for the status of the assessment. Possible values include: ‘Healthy’, ‘Unhealthy’, ‘NotApplicable’

• cause (str) – Programmatic code for the cause of the assessment status

• description (str) – Human readable description of the assessment status

• severity (str or Severity) – The sub-assessment severity level. Possible values include: ‘Low’, ‘Medium’, ‘High’

class azure.mgmt.security.models.SubAssessmentStatusCode(value)

Bases: str, enum.Enum

An enumeration.

healthy = 'Healthy'

The resource is healthy

not_applicable = 'NotApplicable'

Assessment for this resource did not happen

unhealthy = 'Unhealthy'

The resource has a security issue that needs to be addressed

class azure.mgmt.security.models.SuppressionAlertsScope(*, all_of, **kwargs)

Bases: msrest.serialization.Model

SuppressionAlertsScope.

All required parameters must be populated in order to send to Azure.

Parameters

all_of (list[ScopeElement]) – Required. All the conditions inside need to be true in order to suppress the alert

class azure.mgmt.security.models.Tags(*, tags=None, **kwargs)

Bases: msrest.serialization.Model

A list of key value pairs that describe the resource.

Parameters

tags (dict[str, str]) – A list of key value pairs that describe the resource.

class azure.mgmt.security.models.TagsResource(*, tags=None, **kwargs)

Bases: msrest.serialization.Model

A container holding only the Tags for a resource, allowing the user to update the tags.

Parameters

tags (dict[str, str]) – Resource tags

class azure.mgmt.security.models.Threats(value)

Bases: str, enum.Enum

An enumeration.

account_breach = 'accountBreach'

data_exfiltration = 'dataExfiltration'

data_spillage = 'dataSpillage'

denial_of_service = 'denialOfService'

elevation_of_privilege = 'elevationOfPrivilege'

malicious_insider = 'maliciousInsider'

missing_coverage = 'missingCoverage'

threat_resistance = 'threatResistance'

class azure.mgmt.security.models.ThresholdCustomAlertRule(*, is_enabled: bool, min_threshold: int, max_threshold: int, **kwargs)

Bases: azure.mgmt.security.models._models_py3.CustomAlertRule

A custom alert rule that checks if a value (depends on the custom alert type) is within the given range.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: TimeWindowCustomAlertRule

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

class azure.mgmt.security.models.TimeWindowCustomAlertRule(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.ThresholdCustomAlertRule

A custom alert rule that checks if the number of activities (depends on the custom alert type) in a time window is within the given range.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: ActiveConnectionsNotInAllowedRange, AmqpC2DMessagesNotInAllowedRange, MqttC2DMessagesNotInAllowedRange, HttpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, MqttC2DRejectedMessagesNotInAllowedRange, HttpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, MqttD2CMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, FileUploadsNotInAllowedRange, QueuePurgesNotInAllowedRange, TwinUpdatesNotInAllowedRange, UnauthorizedOperationsNotInAllowedRange

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.TopologyResource(**kwargs)

Bases: msrest.serialization.Model

TopologyResource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• location (str) – Location where the resource is stored

• calculated_date_time (datetime) – The UTC time on which the topology was calculated

• topology_resources (list[TopologySingleResource]) – Azure resources which are part of this topology resource

class azure.mgmt.security.models.TopologyResourcePaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of TopologyResource object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.

class azure.mgmt.security.models.TopologySingleResource(**kwargs)

Bases: msrest.serialization.Model

TopologySingleResource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• resource_id (str) – Azure resource id

• severity (str) – The security severity of the resource

• recommendations_exist (bool) – Indicates if the resource has security recommendations

• network_zones (str) – Indicates the resource connectivity level to the Internet (InternetFacing, Internal ,etc.)

• topology_score (int) – Score of the resource based on its security severity

• location (str) – The location of this resource

• parents (list[TopologySingleResourceParent]) – Azure resources connected to this resource which are in higher level in the topology view

• children (list[TopologySingleResourceChild]) – Azure resources connected to this resource which are in lower level in the topology view

class azure.mgmt.security.models.TopologySingleResourceChild(**kwargs)

Bases: msrest.serialization.Model

TopologySingleResourceChild.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

resource_id (str) – Azure resource id which serves as child resource in topology view

class azure.mgmt.security.models.TopologySingleResourceParent(**kwargs)

Bases: msrest.serialization.Model

TopologySingleResourceParent.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

resource_id (str) – Azure resource id which serves as parent resource in topology view

class azure.mgmt.security.models.TrackedResource(*, kind: str = None, etag: str = None, tags=None, **kwargs)

Bases: msrest.serialization.Model

Describes an Azure tracked resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

• location (str) – Location where the resource is stored

Parameters

• kind (str) – Kind of the resource

• etag (str) – Entity tag is used for comparing two or more entities from the same requested resource.

• tags (dict[str, str]) – A list of key value pairs that describe the resource.

class azure.mgmt.security.models.TransportProtocol(value)

Bases: str, enum.Enum

An enumeration.

tcp = 'TCP'

udp = 'UDP'

class azure.mgmt.security.models.TwinUpdatesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of twin updates is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.UnauthorizedOperationsNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of unauthorized operations is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• display_name (str) – The display name of the custom alert.

• description (str) – The description of the custom alert.

Parameters

• is_enabled (bool) – Required. Status of the custom alert.

• rule_type (str) – Required. Constant filled by server.

• min_threshold (int) – Required. The minimum threshold.

• max_threshold (int) – Required. The maximum threshold.

• time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.UnmaskedIpLoggingStatus(value)

Bases: str, enum.Enum

An enumeration.

disabled = 'Disabled'

Unmasked IP logging is disabled

enabled = 'Enabled'

Unmasked IP logging is enabled

class azure.mgmt.security.models.UpdateIotSecuritySolutionData(*, tags=None, user_defined_resources=None, recommendations_configuration=None, **kwargs)

Bases: azure.mgmt.security.models._models_py3.TagsResource

UpdateIotSecuritySolutionData.

Parameters

• tags (dict[str, str]) – Resource tags

• user_defined_resources (UserDefinedResourcesProperties) –

• recommendations_configuration (list[RecommendationConfigurationProperties]) –

class azure.mgmt.security.models.UserDefinedResourcesProperties(*, query: str, query_subscriptions, **kwargs)

Bases: msrest.serialization.Model

Properties of the IoT Security solution’s user defined resources.

All required parameters must be populated in order to send to Azure.

Parameters

• query (str) – Required. Azure Resource Graph query which represents the security solution’s user defined resources. Required to start with “where type != “Microsoft.Devices/IotHubs””

• query_subscriptions (list[str]) – Required. List of Azure subscription ids on which the user defined resources query should be executed.

class azure.mgmt.security.models.UserImpact(value)

Bases: str, enum.Enum

An enumeration.

high = 'High'

low = 'Low'

moderate = 'Moderate'

class azure.mgmt.security.models.UserRecommendation(*, username: str = None, recommendation_action=None, **kwargs)

Bases: msrest.serialization.Model

Represents a user that is recommended to be allowed for a certain rule.

Parameters

• username (str) – Represents a user that is recommended to be allowed for a certain rule

• recommendation_action (str or enum) – Possible values include: ‘Recommended’, ‘Add’, ‘Remove’

class azure.mgmt.security.models.ValueType(value)

Bases: str, enum.Enum

An enumeration.

ip_cidr = 'IpCidr'

An IP range in CIDR format (e.g. ‘192.168.0.1/8’).

string = 'String'

Any string value.

class azure.mgmt.security.models.VendorReference(**kwargs)

Bases: msrest.serialization.Model

Vendor reference.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• title (str) – Link title

• link (str) – Link url

class azure.mgmt.security.models.VmRecommendation(*, configuration_status=None, recommendation_action=None, resource_id: str = None, enforcement_support=None, **kwargs)

Bases: msrest.serialization.Model

Represents a machine that is part of a VM/server group.

Parameters

• configuration_status (str or enum) – Possible values include: ‘Configured’, ‘NotConfigured’, ‘InProgress’, ‘Failed’, ‘NoStatus’

• recommendation_action (str or enum) – Possible values include: ‘Recommended’, ‘Add’, ‘Remove’

• resource_id (str) –

• enforcement_support (str or enum) – Possible values include: ‘Supported’, ‘NotSupported’, ‘Unknown’

class azure.mgmt.security.models.WorkspaceSetting(*, workspace_id: str, scope: str, **kwargs)

Bases: azure.mgmt.security.models._models_py3.Resource

Configures where to store the OMS agent data for workspaces under a scope.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – Resource Id

• name (str) – Resource name

• type (str) – Resource type

Parameters

• workspace_id (str) – Required. The full Azure ID of the workspace to save the data in

• scope (str) – Required. All the VMs in this scope will send their security data to the mentioned workspace unless overridden by a setting with more specific scope

class azure.mgmt.security.models.WorkspaceSettingPaged(*args, **kwargs)

Bases: msrest.paging.Paged

A paging container for iterating over a list of WorkspaceSetting object

Bring async to Paging.

“async_command” is mandatory keyword argument for this mixin to work.