# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
import datetime
from typing import Any, Dict, List, Optional, Union
import msrest.serialization
from ._security_center_enums import *
[docs]class AadConnectivityState(msrest.serialization.Model):
"""Describes an Azure resource with kind.
:param connectivity_state: The connectivity state of the external AAD solution. Possible values
include: "Discovered", "NotLicensed", "Connected".
:type connectivity_state: str or ~azure.mgmt.security.models.AadConnectivityStateEnum
"""
_attribute_map = {
'connectivity_state': {'key': 'connectivityState', 'type': 'str'},
}
def __init__(
self,
*,
connectivity_state: Optional[Union[str, "AadConnectivityStateEnum"]] = None,
**kwargs
):
super(AadConnectivityState, self).__init__(**kwargs)
self.connectivity_state = connectivity_state
[docs]class ExternalSecuritySolutionKind(msrest.serialization.Model):
"""Describes an Azure resource with kind.
:param kind: The kind of the external solution. Possible values include: "CEF", "ATA", "AAD".
:type kind: str or ~azure.mgmt.security.models.ExternalSecuritySolutionKindEnum
"""
_attribute_map = {
'kind': {'key': 'kind', 'type': 'str'},
}
def __init__(
self,
*,
kind: Optional[Union[str, "ExternalSecuritySolutionKindEnum"]] = None,
**kwargs
):
super(ExternalSecuritySolutionKind, self).__init__(**kwargs)
self.kind = kind
[docs]class Location(msrest.serialization.Model):
"""Describes an Azure resource with location.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar location: Location where the resource is stored.
:vartype location: str
"""
_validation = {
'location': {'readonly': True},
}
_attribute_map = {
'location': {'key': 'location', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(Location, self).__init__(**kwargs)
self.location = None
[docs]class Resource(msrest.serialization.Model):
"""Describes an Azure resource.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(Resource, self).__init__(**kwargs)
self.id = None
self.name = None
self.type = None
[docs]class ExternalSecuritySolution(Resource, Location, ExternalSecuritySolutionKind):
"""Represents a security solution external to Azure Security Center which sends information to an OMS workspace and whose data is displayed by Azure Security Center.
Variables are only populated by the server, and will be ignored when sending a request.
:param kind: The kind of the external solution. Possible values include: "CEF", "ATA", "AAD".
:type kind: str or ~azure.mgmt.security.models.ExternalSecuritySolutionKindEnum
:ivar location: Location where the resource is stored.
:vartype location: str
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
"""
_validation = {
'location': {'readonly': True},
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'kind': {'key': 'kind', 'type': 'str'},
'location': {'key': 'location', 'type': 'str'},
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
}
def __init__(
self,
*,
kind: Optional[Union[str, "ExternalSecuritySolutionKindEnum"]] = None,
**kwargs
):
super(ExternalSecuritySolution, self).__init__(kind=kind, **kwargs)
self.kind = kind
self.location = None
self.kind = kind
self.id = None
self.name = None
self.type = None
self.location = None
self.id = None
self.name = None
self.type = None
[docs]class AadExternalSecuritySolution(ExternalSecuritySolution):
"""Represents an AAD identity protection solution which sends logs to an OMS workspace.
Variables are only populated by the server, and will be ignored when sending a request.
:param kind: The kind of the external solution. Possible values include: "CEF", "ATA", "AAD".
:type kind: str or ~azure.mgmt.security.models.ExternalSecuritySolutionKindEnum
:ivar location: Location where the resource is stored.
:vartype location: str
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param properties: The external security solution properties for AAD solutions.
:type properties: ~azure.mgmt.security.models.AadSolutionProperties
"""
_validation = {
'location': {'readonly': True},
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'kind': {'key': 'kind', 'type': 'str'},
'location': {'key': 'location', 'type': 'str'},
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'properties': {'key': 'properties', 'type': 'AadSolutionProperties'},
}
def __init__(
self,
*,
kind: Optional[Union[str, "ExternalSecuritySolutionKindEnum"]] = None,
properties: Optional["AadSolutionProperties"] = None,
**kwargs
):
super(AadExternalSecuritySolution, self).__init__(kind=kind, **kwargs)
self.properties = properties
[docs]class ExternalSecuritySolutionProperties(msrest.serialization.Model):
"""The solution properties (correspond to the solution kind).
:param additional_properties: Unmatched properties from the message are deserialized to this
collection.
:type additional_properties: dict[str, any]
:param device_vendor:
:type device_vendor: str
:param device_type:
:type device_type: str
:param workspace: Represents an OMS workspace to which the solution is connected.
:type workspace: ~azure.mgmt.security.models.ConnectedWorkspace
"""
_attribute_map = {
'additional_properties': {'key': '', 'type': '{object}'},
'device_vendor': {'key': 'deviceVendor', 'type': 'str'},
'device_type': {'key': 'deviceType', 'type': 'str'},
'workspace': {'key': 'workspace', 'type': 'ConnectedWorkspace'},
}
def __init__(
self,
*,
additional_properties: Optional[Dict[str, Any]] = None,
device_vendor: Optional[str] = None,
device_type: Optional[str] = None,
workspace: Optional["ConnectedWorkspace"] = None,
**kwargs
):
super(ExternalSecuritySolutionProperties, self).__init__(**kwargs)
self.additional_properties = additional_properties
self.device_vendor = device_vendor
self.device_type = device_type
self.workspace = workspace
[docs]class AadSolutionProperties(ExternalSecuritySolutionProperties, AadConnectivityState):
"""The external security solution properties for AAD solutions.
:param connectivity_state: The connectivity state of the external AAD solution. Possible values
include: "Discovered", "NotLicensed", "Connected".
:type connectivity_state: str or ~azure.mgmt.security.models.AadConnectivityStateEnum
:param additional_properties: Unmatched properties from the message are deserialized to this
collection.
:type additional_properties: dict[str, any]
:param device_vendor:
:type device_vendor: str
:param device_type:
:type device_type: str
:param workspace: Represents an OMS workspace to which the solution is connected.
:type workspace: ~azure.mgmt.security.models.ConnectedWorkspace
"""
_attribute_map = {
'connectivity_state': {'key': 'connectivityState', 'type': 'str'},
'additional_properties': {'key': '', 'type': '{object}'},
'device_vendor': {'key': 'deviceVendor', 'type': 'str'},
'device_type': {'key': 'deviceType', 'type': 'str'},
'workspace': {'key': 'workspace', 'type': 'ConnectedWorkspace'},
}
def __init__(
self,
*,
connectivity_state: Optional[Union[str, "AadConnectivityStateEnum"]] = None,
additional_properties: Optional[Dict[str, Any]] = None,
device_vendor: Optional[str] = None,
device_type: Optional[str] = None,
workspace: Optional["ConnectedWorkspace"] = None,
**kwargs
):
super(AadSolutionProperties, self).__init__(additional_properties=additional_properties, device_vendor=device_vendor, device_type=device_type, workspace=workspace, connectivity_state=connectivity_state, **kwargs)
self.connectivity_state = connectivity_state
self.additional_properties = additional_properties
self.device_vendor = device_vendor
self.device_type = device_type
self.workspace = workspace
[docs]class CustomAlertRule(msrest.serialization.Model):
"""A custom alert rule.
You probably want to use the sub-classes and not this class directly. Known
sub-classes are: ListCustomAlertRule, ThresholdCustomAlertRule.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
}
_subtype_map = {
'rule_type': {'ListCustomAlertRule': 'ListCustomAlertRule', 'ThresholdCustomAlertRule': 'ThresholdCustomAlertRule'}
}
def __init__(
self,
*,
is_enabled: bool,
**kwargs
):
super(CustomAlertRule, self).__init__(**kwargs)
self.display_name = None
self.description = None
self.is_enabled = is_enabled
self.rule_type = None # type: Optional[str]
[docs]class ThresholdCustomAlertRule(CustomAlertRule):
"""A custom alert rule that checks if a value (depends on the custom alert type) is within the given range.
You probably want to use the sub-classes and not this class directly. Known
sub-classes are: TimeWindowCustomAlertRule.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
}
_subtype_map = {
'rule_type': {'TimeWindowCustomAlertRule': 'TimeWindowCustomAlertRule'}
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
**kwargs
):
super(ThresholdCustomAlertRule, self).__init__(is_enabled=is_enabled, **kwargs)
self.rule_type = 'ThresholdCustomAlertRule' # type: str
self.min_threshold = min_threshold
self.max_threshold = max_threshold
[docs]class TimeWindowCustomAlertRule(ThresholdCustomAlertRule):
"""A custom alert rule that checks if the number of activities (depends on the custom alert type) in a time window is within the given range.
You probably want to use the sub-classes and not this class directly. Known
sub-classes are: ActiveConnectionsNotInAllowedRange, AmqpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, FileUploadsNotInAllowedRange, HttpC2DMessagesNotInAllowedRange, HttpC2DRejectedMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, MqttC2DMessagesNotInAllowedRange, MqttC2DRejectedMessagesNotInAllowedRange, MqttD2CMessagesNotInAllowedRange, QueuePurgesNotInAllowedRange, TwinUpdatesNotInAllowedRange, UnauthorizedOperationsNotInAllowedRange.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
_subtype_map = {
'rule_type': {'ActiveConnectionsNotInAllowedRange': 'ActiveConnectionsNotInAllowedRange', 'AmqpC2DMessagesNotInAllowedRange': 'AmqpC2DMessagesNotInAllowedRange', 'AmqpC2DRejectedMessagesNotInAllowedRange': 'AmqpC2DRejectedMessagesNotInAllowedRange', 'AmqpD2CMessagesNotInAllowedRange': 'AmqpD2CMessagesNotInAllowedRange', 'DirectMethodInvokesNotInAllowedRange': 'DirectMethodInvokesNotInAllowedRange', 'FailedLocalLoginsNotInAllowedRange': 'FailedLocalLoginsNotInAllowedRange', 'FileUploadsNotInAllowedRange': 'FileUploadsNotInAllowedRange', 'HttpC2DMessagesNotInAllowedRange': 'HttpC2DMessagesNotInAllowedRange', 'HttpC2DRejectedMessagesNotInAllowedRange': 'HttpC2DRejectedMessagesNotInAllowedRange', 'HttpD2CMessagesNotInAllowedRange': 'HttpD2CMessagesNotInAllowedRange', 'MqttC2DMessagesNotInAllowedRange': 'MqttC2DMessagesNotInAllowedRange', 'MqttC2DRejectedMessagesNotInAllowedRange': 'MqttC2DRejectedMessagesNotInAllowedRange', 'MqttD2CMessagesNotInAllowedRange': 'MqttD2CMessagesNotInAllowedRange', 'QueuePurgesNotInAllowedRange': 'QueuePurgesNotInAllowedRange', 'TwinUpdatesNotInAllowedRange': 'TwinUpdatesNotInAllowedRange', 'UnauthorizedOperationsNotInAllowedRange': 'UnauthorizedOperationsNotInAllowedRange'}
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(TimeWindowCustomAlertRule, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, **kwargs)
self.rule_type = 'TimeWindowCustomAlertRule' # type: str
self.time_window_size = time_window_size
[docs]class ActiveConnectionsNotInAllowedRange(TimeWindowCustomAlertRule):
"""Number of active connections is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(ActiveConnectionsNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs)
self.rule_type = 'ActiveConnectionsNotInAllowedRange' # type: str
[docs]class AdaptiveApplicationControlGroup(Resource, Location):
"""AdaptiveApplicationControlGroup.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar location: Location where the resource is stored.
:vartype location: str
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param enforcement_mode: The application control policy enforcement/protection mode of the
machine group. Possible values include: "Audit", "Enforce", "None".
:type enforcement_mode: str or ~azure.mgmt.security.models.EnforcementMode
:param protection_mode: The protection mode of the collection/file types. Exe/Msi/Script are
used for Windows, Executable is used for Linux.
:type protection_mode: ~azure.mgmt.security.models.ProtectionMode
:ivar configuration_status: The configuration status of the machines group or machine or rule.
Possible values include: "Configured", "NotConfigured", "InProgress", "Failed", "NoStatus".
:vartype configuration_status: str or ~azure.mgmt.security.models.ConfigurationStatus
:ivar recommendation_status: The initial recommendation status of the machine group or machine.
Possible values include: "Recommended", "NotRecommended", "NotAvailable", "NoStatus".
:vartype recommendation_status: str or ~azure.mgmt.security.models.RecommendationStatus
:ivar issues:
:vartype issues: list[~azure.mgmt.security.models.AdaptiveApplicationControlIssueSummary]
:ivar source_system: The source type of the machine group. Possible values include:
"Azure_AppLocker", "Azure_AuditD", "NonAzure_AppLocker", "NonAzure_AuditD", "None".
:vartype source_system: str or ~azure.mgmt.security.models.SourceSystem
:param vm_recommendations:
:type vm_recommendations: list[~azure.mgmt.security.models.VmRecommendation]
:param path_recommendations:
:type path_recommendations: list[~azure.mgmt.security.models.PathRecommendation]
"""
_validation = {
'location': {'readonly': True},
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'configuration_status': {'readonly': True},
'recommendation_status': {'readonly': True},
'issues': {'readonly': True},
'source_system': {'readonly': True},
}
_attribute_map = {
'location': {'key': 'location', 'type': 'str'},
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'enforcement_mode': {'key': 'properties.enforcementMode', 'type': 'str'},
'protection_mode': {'key': 'properties.protectionMode', 'type': 'ProtectionMode'},
'configuration_status': {'key': 'properties.configurationStatus', 'type': 'str'},
'recommendation_status': {'key': 'properties.recommendationStatus', 'type': 'str'},
'issues': {'key': 'properties.issues', 'type': '[AdaptiveApplicationControlIssueSummary]'},
'source_system': {'key': 'properties.sourceSystem', 'type': 'str'},
'vm_recommendations': {'key': 'properties.vmRecommendations', 'type': '[VmRecommendation]'},
'path_recommendations': {'key': 'properties.pathRecommendations', 'type': '[PathRecommendation]'},
}
def __init__(
self,
*,
enforcement_mode: Optional[Union[str, "EnforcementMode"]] = None,
protection_mode: Optional["ProtectionMode"] = None,
vm_recommendations: Optional[List["VmRecommendation"]] = None,
path_recommendations: Optional[List["PathRecommendation"]] = None,
**kwargs
):
super(AdaptiveApplicationControlGroup, self).__init__(**kwargs)
self.location = None
self.enforcement_mode = enforcement_mode
self.protection_mode = protection_mode
self.configuration_status = None
self.recommendation_status = None
self.issues = None
self.source_system = None
self.vm_recommendations = vm_recommendations
self.path_recommendations = path_recommendations
self.id = None
self.name = None
self.type = None
self.enforcement_mode = enforcement_mode
self.protection_mode = protection_mode
self.configuration_status = None
self.recommendation_status = None
self.issues = None
self.source_system = None
self.vm_recommendations = vm_recommendations
self.path_recommendations = path_recommendations
[docs]class AdaptiveApplicationControlGroups(msrest.serialization.Model):
"""Represents a list of machine groups and set of rules that are recommended by Azure Security Center to be allowed.
:param value:
:type value: list[~azure.mgmt.security.models.AdaptiveApplicationControlGroup]
"""
_attribute_map = {
'value': {'key': 'value', 'type': '[AdaptiveApplicationControlGroup]'},
}
def __init__(
self,
*,
value: Optional[List["AdaptiveApplicationControlGroup"]] = None,
**kwargs
):
super(AdaptiveApplicationControlGroups, self).__init__(**kwargs)
self.value = value
[docs]class AdaptiveApplicationControlIssueSummary(msrest.serialization.Model):
"""Represents a summary of the alerts of the machine group.
:param issue: An alert that machines within a group can have. Possible values include:
"ViolationsAudited", "ViolationsBlocked", "MsiAndScriptViolationsAudited",
"MsiAndScriptViolationsBlocked", "ExecutableViolationsAudited", "RulesViolatedManually".
:type issue: str or ~azure.mgmt.security.models.AdaptiveApplicationControlIssue
:param number_of_vms: The number of machines in the group that have this alert.
:type number_of_vms: float
"""
_attribute_map = {
'issue': {'key': 'issue', 'type': 'str'},
'number_of_vms': {'key': 'numberOfVms', 'type': 'float'},
}
def __init__(
self,
*,
issue: Optional[Union[str, "AdaptiveApplicationControlIssue"]] = None,
number_of_vms: Optional[float] = None,
**kwargs
):
super(AdaptiveApplicationControlIssueSummary, self).__init__(**kwargs)
self.issue = issue
self.number_of_vms = number_of_vms
[docs]class AdaptiveNetworkHardening(Resource):
"""The resource whose properties describes the Adaptive Network Hardening settings for some Azure resource.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param rules: The security rules which are recommended to be effective on the VM.
:type rules: list[~azure.mgmt.security.models.Rule]
:param rules_calculation_time: The UTC time on which the rules were calculated.
:type rules_calculation_time: ~datetime.datetime
:param effective_network_security_groups: The Network Security Groups effective on the network
interfaces of the protected resource.
:type effective_network_security_groups:
list[~azure.mgmt.security.models.EffectiveNetworkSecurityGroups]
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'rules': {'key': 'properties.rules', 'type': '[Rule]'},
'rules_calculation_time': {'key': 'properties.rulesCalculationTime', 'type': 'iso-8601'},
'effective_network_security_groups': {'key': 'properties.effectiveNetworkSecurityGroups', 'type': '[EffectiveNetworkSecurityGroups]'},
}
def __init__(
self,
*,
rules: Optional[List["Rule"]] = None,
rules_calculation_time: Optional[datetime.datetime] = None,
effective_network_security_groups: Optional[List["EffectiveNetworkSecurityGroups"]] = None,
**kwargs
):
super(AdaptiveNetworkHardening, self).__init__(**kwargs)
self.rules = rules
self.rules_calculation_time = rules_calculation_time
self.effective_network_security_groups = effective_network_security_groups
[docs]class AdaptiveNetworkHardeningEnforceRequest(msrest.serialization.Model):
"""AdaptiveNetworkHardeningEnforceRequest.
All required parameters must be populated in order to send to Azure.
:param rules: Required. The rules to enforce.
:type rules: list[~azure.mgmt.security.models.Rule]
:param network_security_groups: Required. The Azure resource IDs of the effective network
security groups that will be updated with the created security rules from the Adaptive Network
Hardening rules.
:type network_security_groups: list[str]
"""
_validation = {
'rules': {'required': True},
'network_security_groups': {'required': True},
}
_attribute_map = {
'rules': {'key': 'rules', 'type': '[Rule]'},
'network_security_groups': {'key': 'networkSecurityGroups', 'type': '[str]'},
}
def __init__(
self,
*,
rules: List["Rule"],
network_security_groups: List[str],
**kwargs
):
super(AdaptiveNetworkHardeningEnforceRequest, self).__init__(**kwargs)
self.rules = rules
self.network_security_groups = network_security_groups
[docs]class AdaptiveNetworkHardeningsList(msrest.serialization.Model):
"""Response for ListAdaptiveNetworkHardenings API service call.
:param value: A list of Adaptive Network Hardenings resources.
:type value: list[~azure.mgmt.security.models.AdaptiveNetworkHardening]
:param next_link: The URL to get the next set of results.
:type next_link: str
"""
_attribute_map = {
'value': {'key': 'value', 'type': '[AdaptiveNetworkHardening]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: Optional[List["AdaptiveNetworkHardening"]] = None,
next_link: Optional[str] = None,
**kwargs
):
super(AdaptiveNetworkHardeningsList, self).__init__(**kwargs)
self.value = value
self.next_link = next_link
[docs]class AdditionalData(msrest.serialization.Model):
"""Details of the sub-assessment.
You probably want to use the sub-classes and not this class directly. Known
sub-classes are: ContainerRegistryVulnerabilityProperties, ServerVulnerabilityProperties, SqlServerVulnerabilityProperties.
All required parameters must be populated in order to send to Azure.
:param assessed_resource_type: Required. Sub-assessment resource type.Constant filled by
server. Possible values include: "SqlServerVulnerability", "ContainerRegistryVulnerability",
"ServerVulnerability".
:type assessed_resource_type: str or ~azure.mgmt.security.models.AssessedResourceType
"""
_validation = {
'assessed_resource_type': {'required': True},
}
_attribute_map = {
'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'},
}
_subtype_map = {
'assessed_resource_type': {'ContainerRegistryVulnerability': 'ContainerRegistryVulnerabilityProperties', 'ServerVulnerabilityAssessment': 'ServerVulnerabilityProperties', 'SqlServerVulnerability': 'SqlServerVulnerabilityProperties'}
}
def __init__(
self,
**kwargs
):
super(AdditionalData, self).__init__(**kwargs)
self.assessed_resource_type = None # type: Optional[str]
[docs]class AdditionalWorkspacesProperties(msrest.serialization.Model):
"""Properties of the additional workspaces.
:param workspace: Workspace resource id.
:type workspace: str
:param type: Workspace type. Possible values include: "Sentinel". Default value: "Sentinel".
:type type: str or ~azure.mgmt.security.models.AdditionalWorkspaceType
:param data_types: List of data types sent to workspace.
:type data_types: list[str or ~azure.mgmt.security.models.AdditionalWorkspaceDataType]
"""
_attribute_map = {
'workspace': {'key': 'workspace', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'data_types': {'key': 'dataTypes', 'type': '[str]'},
}
def __init__(
self,
*,
workspace: Optional[str] = None,
type: Optional[Union[str, "AdditionalWorkspaceType"]] = "Sentinel",
data_types: Optional[List[Union[str, "AdditionalWorkspaceDataType"]]] = None,
**kwargs
):
super(AdditionalWorkspacesProperties, self).__init__(**kwargs)
self.workspace = workspace
self.type = type
self.data_types = data_types
[docs]class AdvancedThreatProtectionSetting(Resource):
"""The Advanced Threat Protection resource.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param is_enabled: Indicates whether Advanced Threat Protection is enabled.
:type is_enabled: bool
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'is_enabled': {'key': 'properties.isEnabled', 'type': 'bool'},
}
def __init__(
self,
*,
is_enabled: Optional[bool] = None,
**kwargs
):
super(AdvancedThreatProtectionSetting, self).__init__(**kwargs)
self.is_enabled = is_enabled
[docs]class Alert(Resource):
"""Security alert.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:ivar alert_type: Unique identifier for the detection logic (all alert instances from the same
detection logic will have the same alertType).
:vartype alert_type: str
:ivar system_alert_id: Unique identifier for the alert.
:vartype system_alert_id: str
:ivar product_component_name: The name of Azure Security Center pricing tier which powering
this alert. Learn more:
https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing.
:vartype product_component_name: str
:ivar alert_display_name: The display name of the alert.
:vartype alert_display_name: str
:ivar description: Description of the suspicious activity that was detected.
:vartype description: str
:ivar severity: The risk level of the threat that was detected. Learn more:
https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified.
Possible values include: "Informational", "Low", "Medium", "High".
:vartype severity: str or ~azure.mgmt.security.models.AlertSeverity
:ivar intent: The kill chain related intent behind the alert. For list of supported values, and
explanations of Azure Security Center's supported kill chain intents. Possible values include:
"Unknown", "PreAttack", "InitialAccess", "Persistence", "PrivilegeEscalation",
"DefenseEvasion", "CredentialAccess", "Discovery", "LateralMovement", "Execution",
"Collection", "Exfiltration", "CommandAndControl", "Impact", "Probing", "Exploitation".
:vartype intent: str or ~azure.mgmt.security.models.Intent
:ivar start_time_utc: The UTC time of the first event or activity included in the alert in
ISO8601 format.
:vartype start_time_utc: ~datetime.datetime
:ivar end_time_utc: The UTC time of the last event or activity included in the alert in ISO8601
format.
:vartype end_time_utc: ~datetime.datetime
:ivar resource_identifiers: The resource identifiers that can be used to direct the alert to
the right product exposure group (tenant, workspace, subscription etc.). There can be multiple
identifiers of different type per alert.
:vartype resource_identifiers: list[~azure.mgmt.security.models.ResourceIdentifier]
:ivar remediation_steps: Manual action items to take to remediate the alert.
:vartype remediation_steps: list[str]
:ivar vendor_name: The name of the vendor that raises the alert.
:vartype vendor_name: str
:ivar status: The life cycle status of the alert. Possible values include: "Active",
"Resolved", "Dismissed".
:vartype status: str or ~azure.mgmt.security.models.AlertStatus
:ivar extended_links: Links related to the alert.
:vartype extended_links: list[dict[str, str]]
:ivar alert_uri: A direct link to the alert page in Azure Portal.
:vartype alert_uri: str
:ivar time_generated_utc: The UTC time the alert was generated in ISO8601 format.
:vartype time_generated_utc: ~datetime.datetime
:ivar product_name: The name of the product which published this alert (Azure Security Center,
Azure ATP, Microsoft Defender ATP, O365 ATP, MCAS, and so on).
:vartype product_name: str
:ivar processing_end_time_utc: The UTC processing end time of the alert in ISO8601 format.
:vartype processing_end_time_utc: ~datetime.datetime
:ivar entities: A list of entities related to the alert.
:vartype entities: list[~azure.mgmt.security.models.AlertEntity]
:ivar is_incident: This field determines whether the alert is an incident (a compound grouping
of several alerts) or a single alert.
:vartype is_incident: bool
:ivar correlation_key: Key for corelating related alerts. Alerts with the same correlation key
considered to be related.
:vartype correlation_key: str
:param extended_properties: Custom properties for the alert.
:type extended_properties: dict[str, str]
:ivar compromised_entity: The display name of the resource most related to this alert.
:vartype compromised_entity: str
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'alert_type': {'readonly': True},
'system_alert_id': {'readonly': True},
'product_component_name': {'readonly': True},
'alert_display_name': {'readonly': True},
'description': {'readonly': True},
'severity': {'readonly': True},
'intent': {'readonly': True},
'start_time_utc': {'readonly': True},
'end_time_utc': {'readonly': True},
'resource_identifiers': {'readonly': True},
'remediation_steps': {'readonly': True},
'vendor_name': {'readonly': True},
'status': {'readonly': True},
'extended_links': {'readonly': True},
'alert_uri': {'readonly': True},
'time_generated_utc': {'readonly': True},
'product_name': {'readonly': True},
'processing_end_time_utc': {'readonly': True},
'entities': {'readonly': True},
'is_incident': {'readonly': True},
'correlation_key': {'readonly': True},
'compromised_entity': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'alert_type': {'key': 'properties.alertType', 'type': 'str'},
'system_alert_id': {'key': 'properties.systemAlertId', 'type': 'str'},
'product_component_name': {'key': 'properties.productComponentName', 'type': 'str'},
'alert_display_name': {'key': 'properties.alertDisplayName', 'type': 'str'},
'description': {'key': 'properties.description', 'type': 'str'},
'severity': {'key': 'properties.severity', 'type': 'str'},
'intent': {'key': 'properties.intent', 'type': 'str'},
'start_time_utc': {'key': 'properties.startTimeUtc', 'type': 'iso-8601'},
'end_time_utc': {'key': 'properties.endTimeUtc', 'type': 'iso-8601'},
'resource_identifiers': {'key': 'properties.resourceIdentifiers', 'type': '[ResourceIdentifier]'},
'remediation_steps': {'key': 'properties.remediationSteps', 'type': '[str]'},
'vendor_name': {'key': 'properties.vendorName', 'type': 'str'},
'status': {'key': 'properties.status', 'type': 'str'},
'extended_links': {'key': 'properties.extendedLinks', 'type': '[{str}]'},
'alert_uri': {'key': 'properties.alertUri', 'type': 'str'},
'time_generated_utc': {'key': 'properties.timeGeneratedUtc', 'type': 'iso-8601'},
'product_name': {'key': 'properties.productName', 'type': 'str'},
'processing_end_time_utc': {'key': 'properties.processingEndTimeUtc', 'type': 'iso-8601'},
'entities': {'key': 'properties.entities', 'type': '[AlertEntity]'},
'is_incident': {'key': 'properties.isIncident', 'type': 'bool'},
'correlation_key': {'key': 'properties.correlationKey', 'type': 'str'},
'extended_properties': {'key': 'properties.extendedProperties', 'type': '{str}'},
'compromised_entity': {'key': 'properties.compromisedEntity', 'type': 'str'},
}
def __init__(
self,
*,
extended_properties: Optional[Dict[str, str]] = None,
**kwargs
):
super(Alert, self).__init__(**kwargs)
self.alert_type = None
self.system_alert_id = None
self.product_component_name = None
self.alert_display_name = None
self.description = None
self.severity = None
self.intent = None
self.start_time_utc = None
self.end_time_utc = None
self.resource_identifiers = None
self.remediation_steps = None
self.vendor_name = None
self.status = None
self.extended_links = None
self.alert_uri = None
self.time_generated_utc = None
self.product_name = None
self.processing_end_time_utc = None
self.entities = None
self.is_incident = None
self.correlation_key = None
self.extended_properties = extended_properties
self.compromised_entity = None
[docs]class AlertEntity(msrest.serialization.Model):
"""Changing set of properties depending on the entity type.
Variables are only populated by the server, and will be ignored when sending a request.
:param additional_properties: Unmatched properties from the message are deserialized to this
collection.
:type additional_properties: dict[str, any]
:ivar type: Type of entity.
:vartype type: str
"""
_validation = {
'type': {'readonly': True},
}
_attribute_map = {
'additional_properties': {'key': '', 'type': '{object}'},
'type': {'key': 'type', 'type': 'str'},
}
def __init__(
self,
*,
additional_properties: Optional[Dict[str, Any]] = None,
**kwargs
):
super(AlertEntity, self).__init__(**kwargs)
self.additional_properties = additional_properties
self.type = None
[docs]class AlertList(msrest.serialization.Model):
"""List of security alerts.
Variables are only populated by the server, and will be ignored when sending a request.
:param value: describes security alert properties.
:type value: list[~azure.mgmt.security.models.Alert]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[Alert]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: Optional[List["Alert"]] = None,
**kwargs
):
super(AlertList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class AlertSimulatorRequestProperties(msrest.serialization.Model):
"""Describes properties of an alert simulation request.
You probably want to use the sub-classes and not this class directly. Known
sub-classes are: AlertSimulatorBundlesRequestProperties.
All required parameters must be populated in order to send to Azure.
:param additional_properties: Unmatched properties from the message are deserialized to this
collection.
:type additional_properties: dict[str, any]
:param kind: Required. The kind of alert simulation.Constant filled by server. Possible values
include: "Bundles".
:type kind: str or ~azure.mgmt.security.models.KindEnum
"""
_validation = {
'kind': {'required': True},
}
_attribute_map = {
'additional_properties': {'key': '', 'type': '{object}'},
'kind': {'key': 'kind', 'type': 'str'},
}
_subtype_map = {
'kind': {'Bundles': 'AlertSimulatorBundlesRequestProperties'}
}
def __init__(
self,
*,
additional_properties: Optional[Dict[str, Any]] = None,
**kwargs
):
super(AlertSimulatorRequestProperties, self).__init__(**kwargs)
self.additional_properties = additional_properties
self.kind = 'AlertSimulatorRequestProperties' # type: str
[docs]class AlertSimulatorBundlesRequestProperties(AlertSimulatorRequestProperties):
"""Simulate alerts according to this bundles.
All required parameters must be populated in order to send to Azure.
:param additional_properties: Unmatched properties from the message are deserialized to this
collection.
:type additional_properties: dict[str, any]
:param kind: Required. The kind of alert simulation.Constant filled by server. Possible values
include: "Bundles".
:type kind: str or ~azure.mgmt.security.models.KindEnum
:param bundles: Bundles list.
:type bundles: list[str or ~azure.mgmt.security.models.BundleType]
"""
_validation = {
'kind': {'required': True},
}
_attribute_map = {
'additional_properties': {'key': '', 'type': '{object}'},
'kind': {'key': 'kind', 'type': 'str'},
'bundles': {'key': 'bundles', 'type': '[str]'},
}
def __init__(
self,
*,
additional_properties: Optional[Dict[str, Any]] = None,
bundles: Optional[List[Union[str, "BundleType"]]] = None,
**kwargs
):
super(AlertSimulatorBundlesRequestProperties, self).__init__(additional_properties=additional_properties, **kwargs)
self.kind = 'Bundles' # type: str
self.bundles = bundles
[docs]class AlertSimulatorRequestBody(msrest.serialization.Model):
"""Alert Simulator request body.
:param properties: Alert Simulator request body data.
:type properties: ~azure.mgmt.security.models.AlertSimulatorRequestProperties
"""
_attribute_map = {
'properties': {'key': 'properties', 'type': 'AlertSimulatorRequestProperties'},
}
def __init__(
self,
*,
properties: Optional["AlertSimulatorRequestProperties"] = None,
**kwargs
):
super(AlertSimulatorRequestBody, self).__init__(**kwargs)
self.properties = properties
[docs]class AlertsSuppressionRule(Resource):
"""Describes the suppression rule.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param alert_type: Type of the alert to automatically suppress. For all alert types, use '*'.
:type alert_type: str
:ivar last_modified_utc: The last time this rule was modified.
:vartype last_modified_utc: ~datetime.datetime
:param expiration_date_utc: Expiration date of the rule, if value is not provided or provided
as null this field will default to the maximum allowed expiration date.
:type expiration_date_utc: ~datetime.datetime
:param reason: The reason for dismissing the alert.
:type reason: str
:param state: Possible states of the rule. Possible values include: "Enabled", "Disabled",
"Expired".
:type state: str or ~azure.mgmt.security.models.RuleState
:param comment: Any comment regarding the rule.
:type comment: str
:param suppression_alerts_scope: The suppression conditions.
:type suppression_alerts_scope: ~azure.mgmt.security.models.SuppressionAlertsScope
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'last_modified_utc': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'alert_type': {'key': 'properties.alertType', 'type': 'str'},
'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'},
'expiration_date_utc': {'key': 'properties.expirationDateUtc', 'type': 'iso-8601'},
'reason': {'key': 'properties.reason', 'type': 'str'},
'state': {'key': 'properties.state', 'type': 'str'},
'comment': {'key': 'properties.comment', 'type': 'str'},
'suppression_alerts_scope': {'key': 'properties.suppressionAlertsScope', 'type': 'SuppressionAlertsScope'},
}
def __init__(
self,
*,
alert_type: Optional[str] = None,
expiration_date_utc: Optional[datetime.datetime] = None,
reason: Optional[str] = None,
state: Optional[Union[str, "RuleState"]] = None,
comment: Optional[str] = None,
suppression_alerts_scope: Optional["SuppressionAlertsScope"] = None,
**kwargs
):
super(AlertsSuppressionRule, self).__init__(**kwargs)
self.alert_type = alert_type
self.last_modified_utc = None
self.expiration_date_utc = expiration_date_utc
self.reason = reason
self.state = state
self.comment = comment
self.suppression_alerts_scope = suppression_alerts_scope
[docs]class AlertsSuppressionRulesList(msrest.serialization.Model):
"""Suppression rules list for subscription.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param value: Required.
:type value: list[~azure.mgmt.security.models.AlertsSuppressionRule]
:ivar next_link: URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'required': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[AlertsSuppressionRule]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: List["AlertsSuppressionRule"],
**kwargs
):
super(AlertsSuppressionRulesList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class Setting(Resource):
"""The kind of the security setting.
You probably want to use the sub-classes and not this class directly. Known
sub-classes are: AlertSyncSettings, DataExportSettings.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param kind: Required. the kind of the settings string.Constant filled by server. Possible
values include: "DataExportSettings", "AlertSuppressionSetting", "AlertSyncSettings".
:type kind: str or ~azure.mgmt.security.models.SettingKind
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'kind': {'required': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'kind': {'key': 'kind', 'type': 'str'},
}
_subtype_map = {
'kind': {'AlertSyncSettings': 'AlertSyncSettings', 'DataExportSettings': 'DataExportSettings'}
}
def __init__(
self,
**kwargs
):
super(Setting, self).__init__(**kwargs)
self.kind = 'Setting' # type: str
[docs]class AlertSyncSettings(Setting):
"""Represents an alert sync setting.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param kind: Required. the kind of the settings string.Constant filled by server. Possible
values include: "DataExportSettings", "AlertSuppressionSetting", "AlertSyncSettings".
:type kind: str or ~azure.mgmt.security.models.SettingKind
:param enabled: Is the alert sync setting enabled.
:type enabled: bool
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'kind': {'required': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'kind': {'key': 'kind', 'type': 'str'},
'enabled': {'key': 'properties.enabled', 'type': 'bool'},
}
def __init__(
self,
*,
enabled: Optional[bool] = None,
**kwargs
):
super(AlertSyncSettings, self).__init__(**kwargs)
self.kind = 'AlertSyncSettings' # type: str
self.enabled = enabled
[docs]class AllowedConnectionsList(msrest.serialization.Model):
"""List of all possible traffic between Azure resources.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar value:
:vartype value: list[~azure.mgmt.security.models.AllowedConnectionsResource]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'readonly': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[AllowedConnectionsResource]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(AllowedConnectionsList, self).__init__(**kwargs)
self.value = None
self.next_link = None
[docs]class AllowedConnectionsResource(Resource, Location):
"""The resource whose properties describes the allowed traffic between Azure resources.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar location: Location where the resource is stored.
:vartype location: str
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:ivar calculated_date_time: The UTC time on which the allowed connections resource was
calculated.
:vartype calculated_date_time: ~datetime.datetime
:ivar connectable_resources: List of connectable resources.
:vartype connectable_resources: list[~azure.mgmt.security.models.ConnectableResource]
"""
_validation = {
'location': {'readonly': True},
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'calculated_date_time': {'readonly': True},
'connectable_resources': {'readonly': True},
}
_attribute_map = {
'location': {'key': 'location', 'type': 'str'},
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'calculated_date_time': {'key': 'properties.calculatedDateTime', 'type': 'iso-8601'},
'connectable_resources': {'key': 'properties.connectableResources', 'type': '[ConnectableResource]'},
}
def __init__(
self,
**kwargs
):
super(AllowedConnectionsResource, self).__init__(**kwargs)
self.location = None
self.calculated_date_time = None
self.connectable_resources = None
self.id = None
self.name = None
self.type = None
self.calculated_date_time = None
self.connectable_resources = None
[docs]class ListCustomAlertRule(CustomAlertRule):
"""A List custom alert rule.
You probably want to use the sub-classes and not this class directly. Known
sub-classes are: AllowlistCustomAlertRule, DenylistCustomAlertRule.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:ivar value_type: The value type of the items in the list. Possible values include: "IpCidr",
"String".
:vartype value_type: str or ~azure.mgmt.security.models.ValueType
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'value_type': {'readonly': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'value_type': {'key': 'valueType', 'type': 'str'},
}
_subtype_map = {
'rule_type': {'AllowlistCustomAlertRule': 'AllowlistCustomAlertRule', 'DenylistCustomAlertRule': 'DenylistCustomAlertRule'}
}
def __init__(
self,
*,
is_enabled: bool,
**kwargs
):
super(ListCustomAlertRule, self).__init__(is_enabled=is_enabled, **kwargs)
self.rule_type = 'ListCustomAlertRule' # type: str
self.value_type = None
[docs]class AllowlistCustomAlertRule(ListCustomAlertRule):
"""A custom alert rule that checks if a value (depends on the custom alert type) is allowed.
You probably want to use the sub-classes and not this class directly. Known
sub-classes are: ConnectionFromIpNotAllowed, ConnectionToIpNotAllowed, LocalUserNotAllowed, ProcessNotAllowed.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:ivar value_type: The value type of the items in the list. Possible values include: "IpCidr",
"String".
:vartype value_type: str or ~azure.mgmt.security.models.ValueType
:param allowlist_values: Required. The values to allow. The format of the values depends on the
rule type.
:type allowlist_values: list[str]
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'value_type': {'readonly': True},
'allowlist_values': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'value_type': {'key': 'valueType', 'type': 'str'},
'allowlist_values': {'key': 'allowlistValues', 'type': '[str]'},
}
_subtype_map = {
'rule_type': {'ConnectionFromIpNotAllowed': 'ConnectionFromIpNotAllowed', 'ConnectionToIpNotAllowed': 'ConnectionToIpNotAllowed', 'LocalUserNotAllowed': 'LocalUserNotAllowed', 'ProcessNotAllowed': 'ProcessNotAllowed'}
}
def __init__(
self,
*,
is_enabled: bool,
allowlist_values: List[str],
**kwargs
):
super(AllowlistCustomAlertRule, self).__init__(is_enabled=is_enabled, **kwargs)
self.rule_type = 'AllowlistCustomAlertRule' # type: str
self.allowlist_values = allowlist_values
[docs]class AmqpC2DMessagesNotInAllowedRange(TimeWindowCustomAlertRule):
"""Number of cloud to device messages (AMQP protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(AmqpC2DMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs)
self.rule_type = 'AmqpC2DMessagesNotInAllowedRange' # type: str
[docs]class AmqpC2DRejectedMessagesNotInAllowedRange(TimeWindowCustomAlertRule):
"""Number of rejected cloud to device messages (AMQP protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(AmqpC2DRejectedMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs)
self.rule_type = 'AmqpC2DRejectedMessagesNotInAllowedRange' # type: str
[docs]class AmqpD2CMessagesNotInAllowedRange(TimeWindowCustomAlertRule):
"""Number of device to cloud messages (AMQP protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(AmqpD2CMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs)
self.rule_type = 'AmqpD2CMessagesNotInAllowedRange' # type: str
[docs]class AscLocation(Resource):
"""The ASC location of the subscription is in the "name" field.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param properties: Any object.
:type properties: any
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'properties': {'key': 'properties', 'type': 'object'},
}
def __init__(
self,
*,
properties: Optional[Any] = None,
**kwargs
):
super(AscLocation, self).__init__(**kwargs)
self.properties = properties
[docs]class AscLocationList(msrest.serialization.Model):
"""List of locations where ASC saves your data.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar value:
:vartype value: list[~azure.mgmt.security.models.AscLocation]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'readonly': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[AscLocation]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(AscLocationList, self).__init__(**kwargs)
self.value = None
self.next_link = None
[docs]class AssessmentLinks(msrest.serialization.Model):
"""Links relevant to the assessment.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar azure_portal_uri: Link to assessment in Azure Portal.
:vartype azure_portal_uri: str
"""
_validation = {
'azure_portal_uri': {'readonly': True},
}
_attribute_map = {
'azure_portal_uri': {'key': 'azurePortalUri', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(AssessmentLinks, self).__init__(**kwargs)
self.azure_portal_uri = None
[docs]class AssessmentStatus(msrest.serialization.Model):
"""The result of the assessment.
All required parameters must be populated in order to send to Azure.
:param code: Required. Programmatic code for the status of the assessment. Possible values
include: "Healthy", "Unhealthy", "NotApplicable".
:type code: str or ~azure.mgmt.security.models.AssessmentStatusCode
:param cause: Programmatic code for the cause of the assessment status.
:type cause: str
:param description: Human readable description of the assessment status.
:type description: str
"""
_validation = {
'code': {'required': True},
}
_attribute_map = {
'code': {'key': 'code', 'type': 'str'},
'cause': {'key': 'cause', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
}
def __init__(
self,
*,
code: Union[str, "AssessmentStatusCode"],
cause: Optional[str] = None,
description: Optional[str] = None,
**kwargs
):
super(AssessmentStatus, self).__init__(**kwargs)
self.code = code
self.cause = cause
self.description = description
[docs]class AtaExternalSecuritySolution(ExternalSecuritySolution):
"""Represents an ATA security solution which sends logs to an OMS workspace.
Variables are only populated by the server, and will be ignored when sending a request.
:param kind: The kind of the external solution. Possible values include: "CEF", "ATA", "AAD".
:type kind: str or ~azure.mgmt.security.models.ExternalSecuritySolutionKindEnum
:ivar location: Location where the resource is stored.
:vartype location: str
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param properties: The external security solution properties for ATA solutions.
:type properties: ~azure.mgmt.security.models.AtaSolutionProperties
"""
_validation = {
'location': {'readonly': True},
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'kind': {'key': 'kind', 'type': 'str'},
'location': {'key': 'location', 'type': 'str'},
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'properties': {'key': 'properties', 'type': 'AtaSolutionProperties'},
}
def __init__(
self,
*,
kind: Optional[Union[str, "ExternalSecuritySolutionKindEnum"]] = None,
properties: Optional["AtaSolutionProperties"] = None,
**kwargs
):
super(AtaExternalSecuritySolution, self).__init__(kind=kind, **kwargs)
self.properties = properties
[docs]class AtaSolutionProperties(ExternalSecuritySolutionProperties):
"""The external security solution properties for ATA solutions.
:param additional_properties: Unmatched properties from the message are deserialized to this
collection.
:type additional_properties: dict[str, any]
:param device_vendor:
:type device_vendor: str
:param device_type:
:type device_type: str
:param workspace: Represents an OMS workspace to which the solution is connected.
:type workspace: ~azure.mgmt.security.models.ConnectedWorkspace
:param last_event_received:
:type last_event_received: str
"""
_attribute_map = {
'additional_properties': {'key': '', 'type': '{object}'},
'device_vendor': {'key': 'deviceVendor', 'type': 'str'},
'device_type': {'key': 'deviceType', 'type': 'str'},
'workspace': {'key': 'workspace', 'type': 'ConnectedWorkspace'},
'last_event_received': {'key': 'lastEventReceived', 'type': 'str'},
}
def __init__(
self,
*,
additional_properties: Optional[Dict[str, Any]] = None,
device_vendor: Optional[str] = None,
device_type: Optional[str] = None,
workspace: Optional["ConnectedWorkspace"] = None,
last_event_received: Optional[str] = None,
**kwargs
):
super(AtaSolutionProperties, self).__init__(additional_properties=additional_properties, device_vendor=device_vendor, device_type=device_type, workspace=workspace, **kwargs)
self.last_event_received = last_event_received
[docs]class AuthenticationDetailsProperties(msrest.serialization.Model):
"""Settings for cloud authentication management.
You probably want to use the sub-classes and not this class directly. Known
sub-classes are: AwAssumeRoleAuthenticationDetailsProperties, AwsCredsAuthenticationDetailsProperties, GcpCredentialsDetailsProperties.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar authentication_provisioning_state: State of the multi-cloud connector. Possible values
include: "Valid", "Invalid", "Expired", "IncorrectPolicy".
:vartype authentication_provisioning_state: str or
~azure.mgmt.security.models.AuthenticationProvisioningState
:ivar granted_permissions: The permissions detected in the cloud account.
:vartype granted_permissions: list[str or ~azure.mgmt.security.models.PermissionProperty]
:param authentication_type: Required. Connect to your cloud account, for AWS use either account
credentials or role-based authentication. For GCP use account organization credentials.Constant
filled by server. Possible values include: "awsCreds", "awsAssumeRole", "gcpCredentials".
:type authentication_type: str or ~azure.mgmt.security.models.AuthenticationType
"""
_validation = {
'authentication_provisioning_state': {'readonly': True},
'granted_permissions': {'readonly': True},
'authentication_type': {'required': True},
}
_attribute_map = {
'authentication_provisioning_state': {'key': 'authenticationProvisioningState', 'type': 'str'},
'granted_permissions': {'key': 'grantedPermissions', 'type': '[str]'},
'authentication_type': {'key': 'authenticationType', 'type': 'str'},
}
_subtype_map = {
'authentication_type': {'awsAssumeRole': 'AwAssumeRoleAuthenticationDetailsProperties', 'awsCreds': 'AwsCredsAuthenticationDetailsProperties', 'gcpCredentials': 'GcpCredentialsDetailsProperties'}
}
def __init__(
self,
**kwargs
):
super(AuthenticationDetailsProperties, self).__init__(**kwargs)
self.authentication_provisioning_state = None
self.granted_permissions = None
self.authentication_type = None # type: Optional[str]
[docs]class ETag(msrest.serialization.Model):
"""Entity tag is used for comparing two or more entities from the same requested resource.
:param etag: Entity tag is used for comparing two or more entities from the same requested
resource.
:type etag: str
"""
_attribute_map = {
'etag': {'key': 'etag', 'type': 'str'},
}
def __init__(
self,
*,
etag: Optional[str] = None,
**kwargs
):
super(ETag, self).__init__(**kwargs)
self.etag = etag
[docs]class Kind(msrest.serialization.Model):
"""Describes an Azure resource with kind.
:param kind: Kind of the resource.
:type kind: str
"""
_attribute_map = {
'kind': {'key': 'kind', 'type': 'str'},
}
def __init__(
self,
*,
kind: Optional[str] = None,
**kwargs
):
super(Kind, self).__init__(**kwargs)
self.kind = kind
[docs]class AzureTrackedResourceLocation(msrest.serialization.Model):
"""Describes an Azure resource with location.
:param location: Location where the resource is stored.
:type location: str
"""
_attribute_map = {
'location': {'key': 'location', 'type': 'str'},
}
def __init__(
self,
*,
location: Optional[str] = None,
**kwargs
):
super(AzureTrackedResourceLocation, self).__init__(**kwargs)
self.location = location
[docs]class TrackedResource(Resource, AzureTrackedResourceLocation, Kind, ETag, Tags):
"""Describes an Azure tracked resource.
Variables are only populated by the server, and will be ignored when sending a request.
:param tags: A set of tags. A list of key value pairs that describe the resource.
:type tags: dict[str, str]
:param etag: Entity tag is used for comparing two or more entities from the same requested
resource.
:type etag: str
:param kind: Kind of the resource.
:type kind: str
:param location: Location where the resource is stored.
:type location: str
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'tags': {'key': 'tags', 'type': '{str}'},
'etag': {'key': 'etag', 'type': 'str'},
'kind': {'key': 'kind', 'type': 'str'},
'location': {'key': 'location', 'type': 'str'},
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
}
def __init__(
self,
*,
tags: Optional[Dict[str, str]] = None,
etag: Optional[str] = None,
kind: Optional[str] = None,
location: Optional[str] = None,
**kwargs
):
super(TrackedResource, self).__init__(location=location, kind=kind, etag=etag, tags=tags, **kwargs)
self.tags = tags
self.etag = etag
self.kind = kind
self.location = location
self.tags = tags
self.etag = etag
self.kind = kind
self.id = None
self.name = None
self.type = None
self.tags = tags
self.etag = etag
self.location = location
self.id = None
self.name = None
self.type = None
self.tags = tags
self.kind = kind
self.location = location
self.id = None
self.name = None
self.type = None
self.etag = etag
self.kind = kind
self.location = location
self.id = None
self.name = None
self.type = None
[docs]class Automation(TrackedResource):
"""The security automation resource.
Variables are only populated by the server, and will be ignored when sending a request.
:param tags: A set of tags. A list of key value pairs that describe the resource.
:type tags: dict[str, str]
:param etag: Entity tag is used for comparing two or more entities from the same requested
resource.
:type etag: str
:param kind: Kind of the resource.
:type kind: str
:param location: Location where the resource is stored.
:type location: str
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param description: The security automation description.
:type description: str
:param is_enabled: Indicates whether the security automation is enabled.
:type is_enabled: bool
:param scopes: A collection of scopes on which the security automations logic is applied.
Supported scopes are the subscription itself or a resource group under that subscription. The
automation will only apply on defined scopes.
:type scopes: list[~azure.mgmt.security.models.AutomationScope]
:param sources: A collection of the source event types which evaluate the security automation
set of rules.
:type sources: list[~azure.mgmt.security.models.AutomationSource]
:param actions: A collection of the actions which are triggered if all the configured rules
evaluations, within at least one rule set, are true.
:type actions: list[~azure.mgmt.security.models.AutomationAction]
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'tags': {'key': 'tags', 'type': '{str}'},
'etag': {'key': 'etag', 'type': 'str'},
'kind': {'key': 'kind', 'type': 'str'},
'location': {'key': 'location', 'type': 'str'},
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'description': {'key': 'properties.description', 'type': 'str'},
'is_enabled': {'key': 'properties.isEnabled', 'type': 'bool'},
'scopes': {'key': 'properties.scopes', 'type': '[AutomationScope]'},
'sources': {'key': 'properties.sources', 'type': '[AutomationSource]'},
'actions': {'key': 'properties.actions', 'type': '[AutomationAction]'},
}
def __init__(
self,
*,
tags: Optional[Dict[str, str]] = None,
etag: Optional[str] = None,
kind: Optional[str] = None,
location: Optional[str] = None,
description: Optional[str] = None,
is_enabled: Optional[bool] = None,
scopes: Optional[List["AutomationScope"]] = None,
sources: Optional[List["AutomationSource"]] = None,
actions: Optional[List["AutomationAction"]] = None,
**kwargs
):
super(Automation, self).__init__(tags=tags, etag=etag, kind=kind, location=location, **kwargs)
self.description = description
self.is_enabled = is_enabled
self.scopes = scopes
self.sources = sources
self.actions = actions
[docs]class AutomationAction(msrest.serialization.Model):
"""The action that should be triggered.
You probably want to use the sub-classes and not this class directly. Known
sub-classes are: AutomationActionEventHub, AutomationActionLogicApp, AutomationActionWorkspace.
All required parameters must be populated in order to send to Azure.
:param action_type: Required. The type of the action that will be triggered by the
Automation.Constant filled by server. Possible values include: "LogicApp", "EventHub",
"Workspace".
:type action_type: str or ~azure.mgmt.security.models.ActionType
"""
_validation = {
'action_type': {'required': True},
}
_attribute_map = {
'action_type': {'key': 'actionType', 'type': 'str'},
}
_subtype_map = {
'action_type': {'EventHub': 'AutomationActionEventHub', 'LogicApp': 'AutomationActionLogicApp', 'Workspace': 'AutomationActionWorkspace'}
}
def __init__(
self,
**kwargs
):
super(AutomationAction, self).__init__(**kwargs)
self.action_type = None # type: Optional[str]
[docs]class AutomationActionEventHub(AutomationAction):
"""The target Event Hub to which event data will be exported. To learn more about Security Center continuous export capabilities, visit https://aka.ms/ASCExportLearnMore.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param action_type: Required. The type of the action that will be triggered by the
Automation.Constant filled by server. Possible values include: "LogicApp", "EventHub",
"Workspace".
:type action_type: str or ~azure.mgmt.security.models.ActionType
:param event_hub_resource_id: The target Event Hub Azure Resource ID.
:type event_hub_resource_id: str
:ivar sas_policy_name: The target Event Hub SAS policy name.
:vartype sas_policy_name: str
:param connection_string: The target Event Hub connection string (it will not be included in
any response).
:type connection_string: str
"""
_validation = {
'action_type': {'required': True},
'sas_policy_name': {'readonly': True},
}
_attribute_map = {
'action_type': {'key': 'actionType', 'type': 'str'},
'event_hub_resource_id': {'key': 'eventHubResourceId', 'type': 'str'},
'sas_policy_name': {'key': 'sasPolicyName', 'type': 'str'},
'connection_string': {'key': 'connectionString', 'type': 'str'},
}
def __init__(
self,
*,
event_hub_resource_id: Optional[str] = None,
connection_string: Optional[str] = None,
**kwargs
):
super(AutomationActionEventHub, self).__init__(**kwargs)
self.action_type = 'EventHub' # type: str
self.event_hub_resource_id = event_hub_resource_id
self.sas_policy_name = None
self.connection_string = connection_string
[docs]class AutomationActionLogicApp(AutomationAction):
"""The logic app action that should be triggered. To learn more about Security Center's Workflow Automation capabilities, visit https://aka.ms/ASCWorkflowAutomationLearnMore.
All required parameters must be populated in order to send to Azure.
:param action_type: Required. The type of the action that will be triggered by the
Automation.Constant filled by server. Possible values include: "LogicApp", "EventHub",
"Workspace".
:type action_type: str or ~azure.mgmt.security.models.ActionType
:param logic_app_resource_id: The triggered Logic App Azure Resource ID. This can also reside
on other subscriptions, given that you have permissions to trigger the Logic App.
:type logic_app_resource_id: str
:param uri: The Logic App trigger URI endpoint (it will not be included in any response).
:type uri: str
"""
_validation = {
'action_type': {'required': True},
}
_attribute_map = {
'action_type': {'key': 'actionType', 'type': 'str'},
'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'},
'uri': {'key': 'uri', 'type': 'str'},
}
def __init__(
self,
*,
logic_app_resource_id: Optional[str] = None,
uri: Optional[str] = None,
**kwargs
):
super(AutomationActionLogicApp, self).__init__(**kwargs)
self.action_type = 'LogicApp' # type: str
self.logic_app_resource_id = logic_app_resource_id
self.uri = uri
[docs]class AutomationActionWorkspace(AutomationAction):
"""The Log Analytics Workspace to which event data will be exported. Security alerts data will reside in the 'SecurityAlert' table and the assessments data will reside in the 'SecurityRecommendation' table (under the 'Security'/'SecurityCenterFree' solutions). Note that in order to view the data in the workspace, the Security Center Log Analytics free/standard solution needs to be enabled on that workspace. To learn more about Security Center continuous export capabilities, visit https://aka.ms/ASCExportLearnMore.
All required parameters must be populated in order to send to Azure.
:param action_type: Required. The type of the action that will be triggered by the
Automation.Constant filled by server. Possible values include: "LogicApp", "EventHub",
"Workspace".
:type action_type: str or ~azure.mgmt.security.models.ActionType
:param workspace_resource_id: The fully qualified Log Analytics Workspace Azure Resource ID.
:type workspace_resource_id: str
"""
_validation = {
'action_type': {'required': True},
}
_attribute_map = {
'action_type': {'key': 'actionType', 'type': 'str'},
'workspace_resource_id': {'key': 'workspaceResourceId', 'type': 'str'},
}
def __init__(
self,
*,
workspace_resource_id: Optional[str] = None,
**kwargs
):
super(AutomationActionWorkspace, self).__init__(**kwargs)
self.action_type = 'Workspace' # type: str
self.workspace_resource_id = workspace_resource_id
[docs]class AutomationList(msrest.serialization.Model):
"""List of security automations response.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param value: Required. The list of security automations under the given scope.
:type value: list[~azure.mgmt.security.models.Automation]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'required': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[Automation]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: List["Automation"],
**kwargs
):
super(AutomationList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class AutomationRuleSet(msrest.serialization.Model):
"""A rule set which evaluates all its rules upon an event interception. Only when all the included rules in the rule set will be evaluated as 'true', will the event trigger the defined actions.
:param rules:
:type rules: list[~azure.mgmt.security.models.AutomationTriggeringRule]
"""
_attribute_map = {
'rules': {'key': 'rules', 'type': '[AutomationTriggeringRule]'},
}
def __init__(
self,
*,
rules: Optional[List["AutomationTriggeringRule"]] = None,
**kwargs
):
super(AutomationRuleSet, self).__init__(**kwargs)
self.rules = rules
[docs]class AutomationScope(msrest.serialization.Model):
"""A single automation scope.
:param description: The resources scope description.
:type description: str
:param scope_path: The resources scope path. Can be the subscription on which the automation is
defined on or a resource group under that subscription (fully qualified Azure resource IDs).
:type scope_path: str
"""
_attribute_map = {
'description': {'key': 'description', 'type': 'str'},
'scope_path': {'key': 'scopePath', 'type': 'str'},
}
def __init__(
self,
*,
description: Optional[str] = None,
scope_path: Optional[str] = None,
**kwargs
):
super(AutomationScope, self).__init__(**kwargs)
self.description = description
self.scope_path = scope_path
[docs]class AutomationSource(msrest.serialization.Model):
"""The source event types which evaluate the security automation set of rules. For example - security alerts and security assessments. To learn more about the supported security events data models schemas - please visit https://aka.ms/ASCAutomationSchemas.
:param event_source: A valid event source type. Possible values include: "Assessments",
"SubAssessments", "Alerts", "SecureScores", "SecureScoresSnapshot", "SecureScoreControls",
"SecureScoreControlsSnapshot", "RegulatoryComplianceAssessment",
"RegulatoryComplianceAssessmentSnapshot".
:type event_source: str or ~azure.mgmt.security.models.EventSource
:param rule_sets: A set of rules which evaluate upon event interception. A logical disjunction
is applied between defined rule sets (logical 'or').
:type rule_sets: list[~azure.mgmt.security.models.AutomationRuleSet]
"""
_attribute_map = {
'event_source': {'key': 'eventSource', 'type': 'str'},
'rule_sets': {'key': 'ruleSets', 'type': '[AutomationRuleSet]'},
}
def __init__(
self,
*,
event_source: Optional[Union[str, "EventSource"]] = None,
rule_sets: Optional[List["AutomationRuleSet"]] = None,
**kwargs
):
super(AutomationSource, self).__init__(**kwargs)
self.event_source = event_source
self.rule_sets = rule_sets
[docs]class AutomationTriggeringRule(msrest.serialization.Model):
"""A rule which is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. This comparison is done by using one of the supported operators set.
:param property_j_path: The JPath of the entity model property that should be checked.
:type property_j_path: str
:param property_type: The data type of the compared operands (string, integer, floating point
number or a boolean [true/false]]. Possible values include: "String", "Integer", "Number",
"Boolean".
:type property_type: str or ~azure.mgmt.security.models.PropertyType
:param expected_value: The expected value.
:type expected_value: str
:param operator: A valid comparer operator to use. A case-insensitive comparison will be
applied for String PropertyType. Possible values include: "Equals", "GreaterThan",
"GreaterThanOrEqualTo", "LesserThan", "LesserThanOrEqualTo", "NotEquals", "Contains",
"StartsWith", "EndsWith".
:type operator: str or ~azure.mgmt.security.models.Operator
"""
_attribute_map = {
'property_j_path': {'key': 'propertyJPath', 'type': 'str'},
'property_type': {'key': 'propertyType', 'type': 'str'},
'expected_value': {'key': 'expectedValue', 'type': 'str'},
'operator': {'key': 'operator', 'type': 'str'},
}
def __init__(
self,
*,
property_j_path: Optional[str] = None,
property_type: Optional[Union[str, "PropertyType"]] = None,
expected_value: Optional[str] = None,
operator: Optional[Union[str, "Operator"]] = None,
**kwargs
):
super(AutomationTriggeringRule, self).__init__(**kwargs)
self.property_j_path = property_j_path
self.property_type = property_type
self.expected_value = expected_value
self.operator = operator
[docs]class AutomationValidationStatus(msrest.serialization.Model):
"""The security automation model state property bag.
:param is_valid: Indicates whether the model is valid or not.
:type is_valid: bool
:param message: The validation message.
:type message: str
"""
_attribute_map = {
'is_valid': {'key': 'isValid', 'type': 'bool'},
'message': {'key': 'message', 'type': 'str'},
}
def __init__(
self,
*,
is_valid: Optional[bool] = None,
message: Optional[str] = None,
**kwargs
):
super(AutomationValidationStatus, self).__init__(**kwargs)
self.is_valid = is_valid
self.message = message
[docs]class AutoProvisioningSetting(Resource):
"""Auto provisioning setting.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param auto_provision: Describes what kind of security agent provisioning action to take.
Possible values include: "On", "Off".
:type auto_provision: str or ~azure.mgmt.security.models.AutoProvision
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'auto_provision': {'key': 'properties.autoProvision', 'type': 'str'},
}
def __init__(
self,
*,
auto_provision: Optional[Union[str, "AutoProvision"]] = None,
**kwargs
):
super(AutoProvisioningSetting, self).__init__(**kwargs)
self.auto_provision = auto_provision
[docs]class AutoProvisioningSettingList(msrest.serialization.Model):
"""List of all the auto provisioning settings response.
Variables are only populated by the server, and will be ignored when sending a request.
:param value: List of all the auto provisioning settings.
:type value: list[~azure.mgmt.security.models.AutoProvisioningSetting]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[AutoProvisioningSetting]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: Optional[List["AutoProvisioningSetting"]] = None,
**kwargs
):
super(AutoProvisioningSettingList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class AwAssumeRoleAuthenticationDetailsProperties(AuthenticationDetailsProperties):
"""AWS cloud account connector based assume role, the role enables delegating access to your AWS resources. The role is composed of role Amazon Resource Name (ARN) and external ID. For more details, refer to :code:`<a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html">Creating a Role to Delegate Permissions to an IAM User (write only)</a>`.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar authentication_provisioning_state: State of the multi-cloud connector. Possible values
include: "Valid", "Invalid", "Expired", "IncorrectPolicy".
:vartype authentication_provisioning_state: str or
~azure.mgmt.security.models.AuthenticationProvisioningState
:ivar granted_permissions: The permissions detected in the cloud account.
:vartype granted_permissions: list[str or ~azure.mgmt.security.models.PermissionProperty]
:param authentication_type: Required. Connect to your cloud account, for AWS use either account
credentials or role-based authentication. For GCP use account organization credentials.Constant
filled by server. Possible values include: "awsCreds", "awsAssumeRole", "gcpCredentials".
:type authentication_type: str or ~azure.mgmt.security.models.AuthenticationType
:ivar account_id: The ID of the cloud account.
:vartype account_id: str
:param aws_assume_role_arn: Required. Assumed role ID is an identifier that you can use to
create temporary security credentials.
:type aws_assume_role_arn: str
:param aws_external_id: Required. A unique identifier that is required when you assume a role
in another account.
:type aws_external_id: str
"""
_validation = {
'authentication_provisioning_state': {'readonly': True},
'granted_permissions': {'readonly': True},
'authentication_type': {'required': True},
'account_id': {'readonly': True},
'aws_assume_role_arn': {'required': True},
'aws_external_id': {'required': True},
}
_attribute_map = {
'authentication_provisioning_state': {'key': 'authenticationProvisioningState', 'type': 'str'},
'granted_permissions': {'key': 'grantedPermissions', 'type': '[str]'},
'authentication_type': {'key': 'authenticationType', 'type': 'str'},
'account_id': {'key': 'accountId', 'type': 'str'},
'aws_assume_role_arn': {'key': 'awsAssumeRoleArn', 'type': 'str'},
'aws_external_id': {'key': 'awsExternalId', 'type': 'str'},
}
def __init__(
self,
*,
aws_assume_role_arn: str,
aws_external_id: str,
**kwargs
):
super(AwAssumeRoleAuthenticationDetailsProperties, self).__init__(**kwargs)
self.authentication_type = 'awsAssumeRole' # type: str
self.account_id = None
self.aws_assume_role_arn = aws_assume_role_arn
self.aws_external_id = aws_external_id
[docs]class AwsCredsAuthenticationDetailsProperties(AuthenticationDetailsProperties):
"""AWS cloud account connector based credentials, the credentials is composed of access key ID and secret key, for more details, refer to :code:`<a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html">Creating an IAM User in Your AWS Account (write only)</a>`.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar authentication_provisioning_state: State of the multi-cloud connector. Possible values
include: "Valid", "Invalid", "Expired", "IncorrectPolicy".
:vartype authentication_provisioning_state: str or
~azure.mgmt.security.models.AuthenticationProvisioningState
:ivar granted_permissions: The permissions detected in the cloud account.
:vartype granted_permissions: list[str or ~azure.mgmt.security.models.PermissionProperty]
:param authentication_type: Required. Connect to your cloud account, for AWS use either account
credentials or role-based authentication. For GCP use account organization credentials.Constant
filled by server. Possible values include: "awsCreds", "awsAssumeRole", "gcpCredentials".
:type authentication_type: str or ~azure.mgmt.security.models.AuthenticationType
:ivar account_id: The ID of the cloud account.
:vartype account_id: str
:param aws_access_key_id: Required. Public key element of the AWS credential object (write
only).
:type aws_access_key_id: str
:param aws_secret_access_key: Required. Secret key element of the AWS credential object (write
only).
:type aws_secret_access_key: str
"""
_validation = {
'authentication_provisioning_state': {'readonly': True},
'granted_permissions': {'readonly': True},
'authentication_type': {'required': True},
'account_id': {'readonly': True},
'aws_access_key_id': {'required': True},
'aws_secret_access_key': {'required': True},
}
_attribute_map = {
'authentication_provisioning_state': {'key': 'authenticationProvisioningState', 'type': 'str'},
'granted_permissions': {'key': 'grantedPermissions', 'type': '[str]'},
'authentication_type': {'key': 'authenticationType', 'type': 'str'},
'account_id': {'key': 'accountId', 'type': 'str'},
'aws_access_key_id': {'key': 'awsAccessKeyId', 'type': 'str'},
'aws_secret_access_key': {'key': 'awsSecretAccessKey', 'type': 'str'},
}
def __init__(
self,
*,
aws_access_key_id: str,
aws_secret_access_key: str,
**kwargs
):
super(AwsCredsAuthenticationDetailsProperties, self).__init__(**kwargs)
self.authentication_type = 'awsCreds' # type: str
self.account_id = None
self.aws_access_key_id = aws_access_key_id
self.aws_secret_access_key = aws_secret_access_key
[docs]class ResourceDetails(msrest.serialization.Model):
"""Details of the resource that was assessed.
You probably want to use the sub-classes and not this class directly. Known
sub-classes are: AzureResourceDetails, OnPremiseResourceDetails.
All required parameters must be populated in order to send to Azure.
:param source: Required. The platform where the assessed resource resides.Constant filled by
server. Possible values include: "Azure", "OnPremise", "OnPremiseSql".
:type source: str or ~azure.mgmt.security.models.Source
"""
_validation = {
'source': {'required': True},
}
_attribute_map = {
'source': {'key': 'source', 'type': 'str'},
}
_subtype_map = {
'source': {'Azure': 'AzureResourceDetails', 'OnPremise': 'OnPremiseResourceDetails'}
}
def __init__(
self,
**kwargs
):
super(ResourceDetails, self).__init__(**kwargs)
self.source = None # type: Optional[str]
[docs]class AzureResourceDetails(ResourceDetails):
"""Details of the Azure resource that was assessed.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param source: Required. The platform where the assessed resource resides.Constant filled by
server. Possible values include: "Azure", "OnPremise", "OnPremiseSql".
:type source: str or ~azure.mgmt.security.models.Source
:ivar id: Azure resource Id of the assessed resource.
:vartype id: str
"""
_validation = {
'source': {'required': True},
'id': {'readonly': True},
}
_attribute_map = {
'source': {'key': 'source', 'type': 'str'},
'id': {'key': 'id', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(AzureResourceDetails, self).__init__(**kwargs)
self.source = 'Azure' # type: str
self.id = None
[docs]class ResourceIdentifier(msrest.serialization.Model):
"""A resource identifier for an alert which can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.).
You probably want to use the sub-classes and not this class directly. Known
sub-classes are: AzureResourceIdentifier, LogAnalyticsIdentifier.
All required parameters must be populated in order to send to Azure.
:param type: Required. There can be multiple identifiers of different type per alert, this
field specify the identifier type.Constant filled by server. Possible values include:
"AzureResource", "LogAnalytics".
:type type: str or ~azure.mgmt.security.models.ResourceIdentifierType
"""
_validation = {
'type': {'required': True},
}
_attribute_map = {
'type': {'key': 'type', 'type': 'str'},
}
_subtype_map = {
'type': {'AzureResource': 'AzureResourceIdentifier', 'LogAnalytics': 'LogAnalyticsIdentifier'}
}
def __init__(
self,
**kwargs
):
super(ResourceIdentifier, self).__init__(**kwargs)
self.type = None # type: Optional[str]
[docs]class AzureResourceIdentifier(ResourceIdentifier):
"""Azure resource identifier.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param type: Required. There can be multiple identifiers of different type per alert, this
field specify the identifier type.Constant filled by server. Possible values include:
"AzureResource", "LogAnalytics".
:type type: str or ~azure.mgmt.security.models.ResourceIdentifierType
:ivar azure_resource_id: ARM resource identifier for the cloud resource being alerted on.
:vartype azure_resource_id: str
"""
_validation = {
'type': {'required': True},
'azure_resource_id': {'readonly': True},
}
_attribute_map = {
'type': {'key': 'type', 'type': 'str'},
'azure_resource_id': {'key': 'azureResourceId', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(AzureResourceIdentifier, self).__init__(**kwargs)
self.type = 'AzureResource' # type: str
self.azure_resource_id = None
[docs]class AzureResourceLink(msrest.serialization.Model):
"""Describes an Azure resource with kind.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Azure resource Id.
:vartype id: str
"""
_validation = {
'id': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(AzureResourceLink, self).__init__(**kwargs)
self.id = None
[docs]class Baseline(msrest.serialization.Model):
"""Baseline details.
:param expected_results: Expected results.
:type expected_results: list[list[str]]
:param updated_time: Baseline update time (UTC).
:type updated_time: ~datetime.datetime
"""
_attribute_map = {
'expected_results': {'key': 'expectedResults', 'type': '[[str]]'},
'updated_time': {'key': 'updatedTime', 'type': 'iso-8601'},
}
def __init__(
self,
*,
expected_results: Optional[List[List[str]]] = None,
updated_time: Optional[datetime.datetime] = None,
**kwargs
):
super(Baseline, self).__init__(**kwargs)
self.expected_results = expected_results
self.updated_time = updated_time
[docs]class BaselineAdjustedResult(msrest.serialization.Model):
"""The rule result adjusted with baseline.
:param baseline: Baseline details.
:type baseline: ~azure.mgmt.security.models.Baseline
:param status: The rule result status. Possible values include: "NonFinding", "Finding",
"InternalError".
:type status: str or ~azure.mgmt.security.models.RuleStatus
:param results_not_in_baseline: Results the are not in baseline.
:type results_not_in_baseline: list[list[str]]
:param results_only_in_baseline: Results the are in baseline.
:type results_only_in_baseline: list[list[str]]
"""
_attribute_map = {
'baseline': {'key': 'baseline', 'type': 'Baseline'},
'status': {'key': 'status', 'type': 'str'},
'results_not_in_baseline': {'key': 'resultsNotInBaseline', 'type': '[[str]]'},
'results_only_in_baseline': {'key': 'resultsOnlyInBaseline', 'type': '[[str]]'},
}
def __init__(
self,
*,
baseline: Optional["Baseline"] = None,
status: Optional[Union[str, "RuleStatus"]] = None,
results_not_in_baseline: Optional[List[List[str]]] = None,
results_only_in_baseline: Optional[List[List[str]]] = None,
**kwargs
):
super(BaselineAdjustedResult, self).__init__(**kwargs)
self.baseline = baseline
self.status = status
self.results_not_in_baseline = results_not_in_baseline
self.results_only_in_baseline = results_only_in_baseline
[docs]class BenchmarkReference(msrest.serialization.Model):
"""The benchmark references.
:param benchmark: The benchmark name.
:type benchmark: str
:param reference: The benchmark reference.
:type reference: str
"""
_attribute_map = {
'benchmark': {'key': 'benchmark', 'type': 'str'},
'reference': {'key': 'reference', 'type': 'str'},
}
def __init__(
self,
*,
benchmark: Optional[str] = None,
reference: Optional[str] = None,
**kwargs
):
super(BenchmarkReference, self).__init__(**kwargs)
self.benchmark = benchmark
self.reference = reference
[docs]class CefExternalSecuritySolution(ExternalSecuritySolution):
"""Represents a security solution which sends CEF logs to an OMS workspace.
Variables are only populated by the server, and will be ignored when sending a request.
:param kind: The kind of the external solution. Possible values include: "CEF", "ATA", "AAD".
:type kind: str or ~azure.mgmt.security.models.ExternalSecuritySolutionKindEnum
:ivar location: Location where the resource is stored.
:vartype location: str
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param properties: The external security solution properties for CEF solutions.
:type properties: ~azure.mgmt.security.models.CefSolutionProperties
"""
_validation = {
'location': {'readonly': True},
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'kind': {'key': 'kind', 'type': 'str'},
'location': {'key': 'location', 'type': 'str'},
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'properties': {'key': 'properties', 'type': 'CefSolutionProperties'},
}
def __init__(
self,
*,
kind: Optional[Union[str, "ExternalSecuritySolutionKindEnum"]] = None,
properties: Optional["CefSolutionProperties"] = None,
**kwargs
):
super(CefExternalSecuritySolution, self).__init__(kind=kind, **kwargs)
self.properties = properties
[docs]class CefSolutionProperties(ExternalSecuritySolutionProperties):
"""The external security solution properties for CEF solutions.
:param additional_properties: Unmatched properties from the message are deserialized to this
collection.
:type additional_properties: dict[str, any]
:param device_vendor:
:type device_vendor: str
:param device_type:
:type device_type: str
:param workspace: Represents an OMS workspace to which the solution is connected.
:type workspace: ~azure.mgmt.security.models.ConnectedWorkspace
:param hostname:
:type hostname: str
:param agent:
:type agent: str
:param last_event_received:
:type last_event_received: str
"""
_attribute_map = {
'additional_properties': {'key': '', 'type': '{object}'},
'device_vendor': {'key': 'deviceVendor', 'type': 'str'},
'device_type': {'key': 'deviceType', 'type': 'str'},
'workspace': {'key': 'workspace', 'type': 'ConnectedWorkspace'},
'hostname': {'key': 'hostname', 'type': 'str'},
'agent': {'key': 'agent', 'type': 'str'},
'last_event_received': {'key': 'lastEventReceived', 'type': 'str'},
}
def __init__(
self,
*,
additional_properties: Optional[Dict[str, Any]] = None,
device_vendor: Optional[str] = None,
device_type: Optional[str] = None,
workspace: Optional["ConnectedWorkspace"] = None,
hostname: Optional[str] = None,
agent: Optional[str] = None,
last_event_received: Optional[str] = None,
**kwargs
):
super(CefSolutionProperties, self).__init__(additional_properties=additional_properties, device_vendor=device_vendor, device_type=device_type, workspace=workspace, **kwargs)
self.hostname = hostname
self.agent = agent
self.last_event_received = last_event_received
[docs]class CloudErrorBody(msrest.serialization.Model):
"""The error detail.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar code: The error code.
:vartype code: str
:ivar message: The error message.
:vartype message: str
:ivar target: The error target.
:vartype target: str
:ivar details: The error details.
:vartype details: list[~azure.mgmt.security.models.CloudErrorBody]
:ivar additional_info: The error additional info.
:vartype additional_info: list[~azure.mgmt.security.models.ErrorAdditionalInfo]
"""
_validation = {
'code': {'readonly': True},
'message': {'readonly': True},
'target': {'readonly': True},
'details': {'readonly': True},
'additional_info': {'readonly': True},
}
_attribute_map = {
'code': {'key': 'code', 'type': 'str'},
'message': {'key': 'message', 'type': 'str'},
'target': {'key': 'target', 'type': 'str'},
'details': {'key': 'details', 'type': '[CloudErrorBody]'},
'additional_info': {'key': 'additionalInfo', 'type': '[ErrorAdditionalInfo]'},
}
def __init__(
self,
**kwargs
):
super(CloudErrorBody, self).__init__(**kwargs)
self.code = None
self.message = None
self.target = None
self.details = None
self.additional_info = None
[docs]class Compliance(Resource):
"""Compliance of a scope.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:ivar assessment_timestamp_utc_date: The timestamp when the Compliance calculation was
conducted.
:vartype assessment_timestamp_utc_date: ~datetime.datetime
:ivar resource_count: The resource count of the given subscription for which the Compliance
calculation was conducted (needed for Management Group Compliance calculation).
:vartype resource_count: int
:ivar assessment_result: An array of segment, which is the actually the compliance assessment.
:vartype assessment_result: list[~azure.mgmt.security.models.ComplianceSegment]
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'assessment_timestamp_utc_date': {'readonly': True},
'resource_count': {'readonly': True},
'assessment_result': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'assessment_timestamp_utc_date': {'key': 'properties.assessmentTimestampUtcDate', 'type': 'iso-8601'},
'resource_count': {'key': 'properties.resourceCount', 'type': 'int'},
'assessment_result': {'key': 'properties.assessmentResult', 'type': '[ComplianceSegment]'},
}
def __init__(
self,
**kwargs
):
super(Compliance, self).__init__(**kwargs)
self.assessment_timestamp_utc_date = None
self.resource_count = None
self.assessment_result = None
[docs]class ComplianceList(msrest.serialization.Model):
"""List of Compliance objects response.
Variables are only populated by the server, and will be ignored when sending a request.
:param value: List of Compliance objects.
:type value: list[~azure.mgmt.security.models.Compliance]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[Compliance]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: Optional[List["Compliance"]] = None,
**kwargs
):
super(ComplianceList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class ComplianceResult(Resource):
"""a compliance result.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:ivar resource_status: The status of the resource regarding a single assessment. Possible
values include: "Healthy", "NotApplicable", "OffByPolicy", "NotHealthy".
:vartype resource_status: str or ~azure.mgmt.security.models.ResourceStatus
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'resource_status': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'resource_status': {'key': 'properties.resourceStatus', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(ComplianceResult, self).__init__(**kwargs)
self.resource_status = None
[docs]class ComplianceResultList(msrest.serialization.Model):
"""List of compliance results response.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param value: Required. List of compliance results.
:type value: list[~azure.mgmt.security.models.ComplianceResult]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'required': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[ComplianceResult]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: List["ComplianceResult"],
**kwargs
):
super(ComplianceResultList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class ComplianceSegment(msrest.serialization.Model):
"""A segment of a compliance assessment.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar segment_type: The segment type, e.g. compliant, non-compliance, insufficient coverage,
N/A, etc.
:vartype segment_type: str
:ivar percentage: The size (%) of the segment.
:vartype percentage: float
"""
_validation = {
'segment_type': {'readonly': True},
'percentage': {'readonly': True},
}
_attribute_map = {
'segment_type': {'key': 'segmentType', 'type': 'str'},
'percentage': {'key': 'percentage', 'type': 'float'},
}
def __init__(
self,
**kwargs
):
super(ComplianceSegment, self).__init__(**kwargs)
self.segment_type = None
self.percentage = None
[docs]class ConnectableResource(msrest.serialization.Model):
"""Describes the allowed inbound and outbound traffic of an Azure resource.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: The Azure resource id.
:vartype id: str
:ivar inbound_connected_resources: The list of Azure resources that the resource has inbound
allowed connection from.
:vartype inbound_connected_resources: list[~azure.mgmt.security.models.ConnectedResource]
:ivar outbound_connected_resources: The list of Azure resources that the resource has outbound
allowed connection to.
:vartype outbound_connected_resources: list[~azure.mgmt.security.models.ConnectedResource]
"""
_validation = {
'id': {'readonly': True},
'inbound_connected_resources': {'readonly': True},
'outbound_connected_resources': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'inbound_connected_resources': {'key': 'inboundConnectedResources', 'type': '[ConnectedResource]'},
'outbound_connected_resources': {'key': 'outboundConnectedResources', 'type': '[ConnectedResource]'},
}
def __init__(
self,
**kwargs
):
super(ConnectableResource, self).__init__(**kwargs)
self.id = None
self.inbound_connected_resources = None
self.outbound_connected_resources = None
[docs]class ConnectedResource(msrest.serialization.Model):
"""Describes properties of a connected resource.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar connected_resource_id: The Azure resource id of the connected resource.
:vartype connected_resource_id: str
:ivar tcp_ports: The allowed tcp ports.
:vartype tcp_ports: str
:ivar udp_ports: The allowed udp ports.
:vartype udp_ports: str
"""
_validation = {
'connected_resource_id': {'readonly': True},
'tcp_ports': {'readonly': True},
'udp_ports': {'readonly': True},
}
_attribute_map = {
'connected_resource_id': {'key': 'connectedResourceId', 'type': 'str'},
'tcp_ports': {'key': 'tcpPorts', 'type': 'str'},
'udp_ports': {'key': 'udpPorts', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(ConnectedResource, self).__init__(**kwargs)
self.connected_resource_id = None
self.tcp_ports = None
self.udp_ports = None
[docs]class ConnectedWorkspace(msrest.serialization.Model):
"""Represents an OMS workspace to which the solution is connected.
:param id: Azure resource ID of the connected OMS workspace.
:type id: str
"""
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
}
def __init__(
self,
*,
id: Optional[str] = None,
**kwargs
):
super(ConnectedWorkspace, self).__init__(**kwargs)
self.id = id
[docs]class ConnectionFromIpNotAllowed(AllowlistCustomAlertRule):
"""Inbound connection from an ip that isn't allowed. Allow list consists of ipv4 or ipv6 range in CIDR notation.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:ivar value_type: The value type of the items in the list. Possible values include: "IpCidr",
"String".
:vartype value_type: str or ~azure.mgmt.security.models.ValueType
:param allowlist_values: Required. The values to allow. The format of the values depends on the
rule type.
:type allowlist_values: list[str]
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'value_type': {'readonly': True},
'allowlist_values': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'value_type': {'key': 'valueType', 'type': 'str'},
'allowlist_values': {'key': 'allowlistValues', 'type': '[str]'},
}
def __init__(
self,
*,
is_enabled: bool,
allowlist_values: List[str],
**kwargs
):
super(ConnectionFromIpNotAllowed, self).__init__(is_enabled=is_enabled, allowlist_values=allowlist_values, **kwargs)
self.rule_type = 'ConnectionFromIpNotAllowed' # type: str
[docs]class ConnectionStrings(msrest.serialization.Model):
"""Connection string for ingesting security data and logs.
All required parameters must be populated in order to send to Azure.
:param value: Required. Connection strings.
:type value: list[~azure.mgmt.security.models.IngestionConnectionString]
"""
_validation = {
'value': {'required': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[IngestionConnectionString]'},
}
def __init__(
self,
*,
value: List["IngestionConnectionString"],
**kwargs
):
super(ConnectionStrings, self).__init__(**kwargs)
self.value = value
[docs]class ConnectionToIpNotAllowed(AllowlistCustomAlertRule):
"""Outbound connection to an ip that isn't allowed. Allow list consists of ipv4 or ipv6 range in CIDR notation.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:ivar value_type: The value type of the items in the list. Possible values include: "IpCidr",
"String".
:vartype value_type: str or ~azure.mgmt.security.models.ValueType
:param allowlist_values: Required. The values to allow. The format of the values depends on the
rule type.
:type allowlist_values: list[str]
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'value_type': {'readonly': True},
'allowlist_values': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'value_type': {'key': 'valueType', 'type': 'str'},
'allowlist_values': {'key': 'allowlistValues', 'type': '[str]'},
}
def __init__(
self,
*,
is_enabled: bool,
allowlist_values: List[str],
**kwargs
):
super(ConnectionToIpNotAllowed, self).__init__(is_enabled=is_enabled, allowlist_values=allowlist_values, **kwargs)
self.rule_type = 'ConnectionToIpNotAllowed' # type: str
[docs]class ConnectorSetting(Resource):
"""The connector setting.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param hybrid_compute_settings: Settings for hybrid compute management. These settings are
relevant only for Arc autoProvision (Hybrid Compute).
:type hybrid_compute_settings: ~azure.mgmt.security.models.HybridComputeSettingsProperties
:param authentication_details: Settings for authentication management, these settings are
relevant only for the cloud connector.
:type authentication_details: ~azure.mgmt.security.models.AuthenticationDetailsProperties
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'hybrid_compute_settings': {'key': 'properties.hybridComputeSettings', 'type': 'HybridComputeSettingsProperties'},
'authentication_details': {'key': 'properties.authenticationDetails', 'type': 'AuthenticationDetailsProperties'},
}
def __init__(
self,
*,
hybrid_compute_settings: Optional["HybridComputeSettingsProperties"] = None,
authentication_details: Optional["AuthenticationDetailsProperties"] = None,
**kwargs
):
super(ConnectorSetting, self).__init__(**kwargs)
self.hybrid_compute_settings = hybrid_compute_settings
self.authentication_details = authentication_details
[docs]class ConnectorSettingList(msrest.serialization.Model):
"""For a subscription, list of all cloud account connectors and their settings.
Variables are only populated by the server, and will be ignored when sending a request.
:param value: List of all the cloud account connector settings.
:type value: list[~azure.mgmt.security.models.ConnectorSetting]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[ConnectorSetting]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: Optional[List["ConnectorSetting"]] = None,
**kwargs
):
super(ConnectorSettingList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class ContainerRegistryVulnerabilityProperties(AdditionalData):
"""Additional context fields for container registry Vulnerability assessment.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param assessed_resource_type: Required. Sub-assessment resource type.Constant filled by
server. Possible values include: "SqlServerVulnerability", "ContainerRegistryVulnerability",
"ServerVulnerability".
:type assessed_resource_type: str or ~azure.mgmt.security.models.AssessedResourceType
:ivar type: Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information
Gathered, Vulnerability.
:vartype type: str
:ivar cvss: Dictionary from cvss version to cvss details object.
:vartype cvss: dict[str, ~azure.mgmt.security.models.CVSS]
:ivar patchable: Indicates whether a patch is available or not.
:vartype patchable: bool
:ivar cve: List of CVEs.
:vartype cve: list[~azure.mgmt.security.models.CVE]
:ivar published_time: Published time.
:vartype published_time: ~datetime.datetime
:ivar vendor_references:
:vartype vendor_references: list[~azure.mgmt.security.models.VendorReference]
:ivar repository_name: Name of the repository which the vulnerable image belongs to.
:vartype repository_name: str
:ivar image_digest: Digest of the vulnerable image.
:vartype image_digest: str
"""
_validation = {
'assessed_resource_type': {'required': True},
'type': {'readonly': True},
'cvss': {'readonly': True},
'patchable': {'readonly': True},
'cve': {'readonly': True},
'published_time': {'readonly': True},
'vendor_references': {'readonly': True},
'repository_name': {'readonly': True},
'image_digest': {'readonly': True},
}
_attribute_map = {
'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'cvss': {'key': 'cvss', 'type': '{CVSS}'},
'patchable': {'key': 'patchable', 'type': 'bool'},
'cve': {'key': 'cve', 'type': '[CVE]'},
'published_time': {'key': 'publishedTime', 'type': 'iso-8601'},
'vendor_references': {'key': 'vendorReferences', 'type': '[VendorReference]'},
'repository_name': {'key': 'repositoryName', 'type': 'str'},
'image_digest': {'key': 'imageDigest', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(ContainerRegistryVulnerabilityProperties, self).__init__(**kwargs)
self.assessed_resource_type = 'ContainerRegistryVulnerability' # type: str
self.type = None
self.cvss = None
self.patchable = None
self.cve = None
self.published_time = None
self.vendor_references = None
self.repository_name = None
self.image_digest = None
[docs]class CVE(msrest.serialization.Model):
"""CVE details.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar title: CVE title.
:vartype title: str
:ivar link: Link url.
:vartype link: str
"""
_validation = {
'title': {'readonly': True},
'link': {'readonly': True},
}
_attribute_map = {
'title': {'key': 'title', 'type': 'str'},
'link': {'key': 'link', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(CVE, self).__init__(**kwargs)
self.title = None
self.link = None
[docs]class CVSS(msrest.serialization.Model):
"""CVSS details.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar base: CVSS base.
:vartype base: float
"""
_validation = {
'base': {'readonly': True},
}
_attribute_map = {
'base': {'key': 'base', 'type': 'float'},
}
def __init__(
self,
**kwargs
):
super(CVSS, self).__init__(**kwargs)
self.base = None
[docs]class DataExportSettings(Setting):
"""Represents a data export setting.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param kind: Required. the kind of the settings string.Constant filled by server. Possible
values include: "DataExportSettings", "AlertSuppressionSetting", "AlertSyncSettings".
:type kind: str or ~azure.mgmt.security.models.SettingKind
:param enabled: Is the data export setting enabled.
:type enabled: bool
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'kind': {'required': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'kind': {'key': 'kind', 'type': 'str'},
'enabled': {'key': 'properties.enabled', 'type': 'bool'},
}
def __init__(
self,
*,
enabled: Optional[bool] = None,
**kwargs
):
super(DataExportSettings, self).__init__(**kwargs)
self.kind = 'DataExportSettings' # type: str
self.enabled = enabled
[docs]class DenylistCustomAlertRule(ListCustomAlertRule):
"""A custom alert rule that checks if a value (depends on the custom alert type) is denied.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:ivar value_type: The value type of the items in the list. Possible values include: "IpCidr",
"String".
:vartype value_type: str or ~azure.mgmt.security.models.ValueType
:param denylist_values: Required. The values to deny. The format of the values depends on the
rule type.
:type denylist_values: list[str]
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'value_type': {'readonly': True},
'denylist_values': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'value_type': {'key': 'valueType', 'type': 'str'},
'denylist_values': {'key': 'denylistValues', 'type': '[str]'},
}
def __init__(
self,
*,
is_enabled: bool,
denylist_values: List[str],
**kwargs
):
super(DenylistCustomAlertRule, self).__init__(is_enabled=is_enabled, **kwargs)
self.rule_type = 'DenylistCustomAlertRule' # type: str
self.denylist_values = denylist_values
[docs]class DeviceSecurityGroup(Resource):
"""The device security group resource.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param threshold_rules: The list of custom alert threshold rules.
:type threshold_rules: list[~azure.mgmt.security.models.ThresholdCustomAlertRule]
:param time_window_rules: The list of custom alert time-window rules.
:type time_window_rules: list[~azure.mgmt.security.models.TimeWindowCustomAlertRule]
:param allowlist_rules: The allow-list custom alert rules.
:type allowlist_rules: list[~azure.mgmt.security.models.AllowlistCustomAlertRule]
:param denylist_rules: The deny-list custom alert rules.
:type denylist_rules: list[~azure.mgmt.security.models.DenylistCustomAlertRule]
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'threshold_rules': {'key': 'properties.thresholdRules', 'type': '[ThresholdCustomAlertRule]'},
'time_window_rules': {'key': 'properties.timeWindowRules', 'type': '[TimeWindowCustomAlertRule]'},
'allowlist_rules': {'key': 'properties.allowlistRules', 'type': '[AllowlistCustomAlertRule]'},
'denylist_rules': {'key': 'properties.denylistRules', 'type': '[DenylistCustomAlertRule]'},
}
def __init__(
self,
*,
threshold_rules: Optional[List["ThresholdCustomAlertRule"]] = None,
time_window_rules: Optional[List["TimeWindowCustomAlertRule"]] = None,
allowlist_rules: Optional[List["AllowlistCustomAlertRule"]] = None,
denylist_rules: Optional[List["DenylistCustomAlertRule"]] = None,
**kwargs
):
super(DeviceSecurityGroup, self).__init__(**kwargs)
self.threshold_rules = threshold_rules
self.time_window_rules = time_window_rules
self.allowlist_rules = allowlist_rules
self.denylist_rules = denylist_rules
[docs]class DeviceSecurityGroupList(msrest.serialization.Model):
"""List of device security groups.
Variables are only populated by the server, and will be ignored when sending a request.
:param value: List of device security group objects.
:type value: list[~azure.mgmt.security.models.DeviceSecurityGroup]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[DeviceSecurityGroup]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: Optional[List["DeviceSecurityGroup"]] = None,
**kwargs
):
super(DeviceSecurityGroupList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class DirectMethodInvokesNotInAllowedRange(TimeWindowCustomAlertRule):
"""Number of direct method invokes is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(DirectMethodInvokesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs)
self.rule_type = 'DirectMethodInvokesNotInAllowedRange' # type: str
[docs]class DiscoveredSecuritySolution(Resource, Location):
"""DiscoveredSecuritySolution.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar location: Location where the resource is stored.
:vartype location: str
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param security_family: Required. The security family of the discovered solution. Possible
values include: "Waf", "Ngfw", "SaasWaf", "Va".
:type security_family: str or ~azure.mgmt.security.models.SecurityFamily
:param offer: Required. The security solutions' image offer.
:type offer: str
:param publisher: Required. The security solutions' image publisher.
:type publisher: str
:param sku: Required. The security solutions' image sku.
:type sku: str
"""
_validation = {
'location': {'readonly': True},
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'security_family': {'required': True},
'offer': {'required': True},
'publisher': {'required': True},
'sku': {'required': True},
}
_attribute_map = {
'location': {'key': 'location', 'type': 'str'},
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'security_family': {'key': 'properties.securityFamily', 'type': 'str'},
'offer': {'key': 'properties.offer', 'type': 'str'},
'publisher': {'key': 'properties.publisher', 'type': 'str'},
'sku': {'key': 'properties.sku', 'type': 'str'},
}
def __init__(
self,
*,
security_family: Union[str, "SecurityFamily"],
offer: str,
publisher: str,
sku: str,
**kwargs
):
super(DiscoveredSecuritySolution, self).__init__(**kwargs)
self.location = None
self.security_family = security_family
self.offer = offer
self.publisher = publisher
self.sku = sku
self.id = None
self.name = None
self.type = None
self.security_family = security_family
self.offer = offer
self.publisher = publisher
self.sku = sku
[docs]class DiscoveredSecuritySolutionList(msrest.serialization.Model):
"""DiscoveredSecuritySolutionList.
Variables are only populated by the server, and will be ignored when sending a request.
:param value:
:type value: list[~azure.mgmt.security.models.DiscoveredSecuritySolution]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[DiscoveredSecuritySolution]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: Optional[List["DiscoveredSecuritySolution"]] = None,
**kwargs
):
super(DiscoveredSecuritySolutionList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class EffectiveNetworkSecurityGroups(msrest.serialization.Model):
"""Describes the Network Security Groups effective on a network interface.
:param network_interface: The Azure resource ID of the network interface.
:type network_interface: str
:param network_security_groups: The Network Security Groups effective on the network interface.
:type network_security_groups: list[str]
"""
_attribute_map = {
'network_interface': {'key': 'networkInterface', 'type': 'str'},
'network_security_groups': {'key': 'networkSecurityGroups', 'type': '[str]'},
}
def __init__(
self,
*,
network_interface: Optional[str] = None,
network_security_groups: Optional[List[str]] = None,
**kwargs
):
super(EffectiveNetworkSecurityGroups, self).__init__(**kwargs)
self.network_interface = network_interface
self.network_security_groups = network_security_groups
[docs]class ErrorAdditionalInfo(msrest.serialization.Model):
"""The resource management error additional info.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar type: The additional info type.
:vartype type: str
:ivar info: The additional info.
:vartype info: any
"""
_validation = {
'type': {'readonly': True},
'info': {'readonly': True},
}
_attribute_map = {
'type': {'key': 'type', 'type': 'str'},
'info': {'key': 'info', 'type': 'object'},
}
def __init__(
self,
**kwargs
):
super(ErrorAdditionalInfo, self).__init__(**kwargs)
self.type = None
self.info = None
[docs]class ExternalSecuritySolutionList(msrest.serialization.Model):
"""ExternalSecuritySolutionList.
Variables are only populated by the server, and will be ignored when sending a request.
:param value:
:type value: list[~azure.mgmt.security.models.ExternalSecuritySolution]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[ExternalSecuritySolution]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: Optional[List["ExternalSecuritySolution"]] = None,
**kwargs
):
super(ExternalSecuritySolutionList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class FailedLocalLoginsNotInAllowedRange(TimeWindowCustomAlertRule):
"""Number of failed local logins is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(FailedLocalLoginsNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs)
self.rule_type = 'FailedLocalLoginsNotInAllowedRange' # type: str
[docs]class FileUploadsNotInAllowedRange(TimeWindowCustomAlertRule):
"""Number of file uploads is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(FileUploadsNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs)
self.rule_type = 'FileUploadsNotInAllowedRange' # type: str
[docs]class GcpCredentialsDetailsProperties(AuthenticationDetailsProperties):
"""GCP cloud account connector based service to service credentials, the credentials are composed of the organization ID and a JSON API key (write only).
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar authentication_provisioning_state: State of the multi-cloud connector. Possible values
include: "Valid", "Invalid", "Expired", "IncorrectPolicy".
:vartype authentication_provisioning_state: str or
~azure.mgmt.security.models.AuthenticationProvisioningState
:ivar granted_permissions: The permissions detected in the cloud account.
:vartype granted_permissions: list[str or ~azure.mgmt.security.models.PermissionProperty]
:param authentication_type: Required. Connect to your cloud account, for AWS use either account
credentials or role-based authentication. For GCP use account organization credentials.Constant
filled by server. Possible values include: "awsCreds", "awsAssumeRole", "gcpCredentials".
:type authentication_type: str or ~azure.mgmt.security.models.AuthenticationType
:param organization_id: Required. The organization ID of the GCP cloud account.
:type organization_id: str
:param type: Required. Type field of the API key (write only).
:type type: str
:param project_id: Required. Project ID field of the API key (write only).
:type project_id: str
:param private_key_id: Required. Private key ID field of the API key (write only).
:type private_key_id: str
:param private_key: Required. Private key field of the API key (write only).
:type private_key: str
:param client_email: Required. Client email field of the API key (write only).
:type client_email: str
:param client_id: Required. Client ID field of the API key (write only).
:type client_id: str
:param auth_uri: Required. Auth URI field of the API key (write only).
:type auth_uri: str
:param token_uri: Required. Token URI field of the API key (write only).
:type token_uri: str
:param auth_provider_x509_cert_url: Required. Auth provider x509 certificate URL field of the
API key (write only).
:type auth_provider_x509_cert_url: str
:param client_x509_cert_url: Required. Client x509 certificate URL field of the API key (write
only).
:type client_x509_cert_url: str
"""
_validation = {
'authentication_provisioning_state': {'readonly': True},
'granted_permissions': {'readonly': True},
'authentication_type': {'required': True},
'organization_id': {'required': True},
'type': {'required': True},
'project_id': {'required': True},
'private_key_id': {'required': True},
'private_key': {'required': True},
'client_email': {'required': True},
'client_id': {'required': True},
'auth_uri': {'required': True},
'token_uri': {'required': True},
'auth_provider_x509_cert_url': {'required': True},
'client_x509_cert_url': {'required': True},
}
_attribute_map = {
'authentication_provisioning_state': {'key': 'authenticationProvisioningState', 'type': 'str'},
'granted_permissions': {'key': 'grantedPermissions', 'type': '[str]'},
'authentication_type': {'key': 'authenticationType', 'type': 'str'},
'organization_id': {'key': 'organizationId', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'project_id': {'key': 'projectId', 'type': 'str'},
'private_key_id': {'key': 'privateKeyId', 'type': 'str'},
'private_key': {'key': 'privateKey', 'type': 'str'},
'client_email': {'key': 'clientEmail', 'type': 'str'},
'client_id': {'key': 'clientId', 'type': 'str'},
'auth_uri': {'key': 'authUri', 'type': 'str'},
'token_uri': {'key': 'tokenUri', 'type': 'str'},
'auth_provider_x509_cert_url': {'key': 'authProviderX509CertUrl', 'type': 'str'},
'client_x509_cert_url': {'key': 'clientX509CertUrl', 'type': 'str'},
}
def __init__(
self,
*,
organization_id: str,
type: str,
project_id: str,
private_key_id: str,
private_key: str,
client_email: str,
client_id: str,
auth_uri: str,
token_uri: str,
auth_provider_x509_cert_url: str,
client_x509_cert_url: str,
**kwargs
):
super(GcpCredentialsDetailsProperties, self).__init__(**kwargs)
self.authentication_type = 'gcpCredentials' # type: str
self.organization_id = organization_id
self.type = type
self.project_id = project_id
self.private_key_id = private_key_id
self.private_key = private_key
self.client_email = client_email
self.client_id = client_id
self.auth_uri = auth_uri
self.token_uri = token_uri
self.auth_provider_x509_cert_url = auth_provider_x509_cert_url
self.client_x509_cert_url = client_x509_cert_url
[docs]class HttpC2DMessagesNotInAllowedRange(TimeWindowCustomAlertRule):
"""Number of cloud to device messages (HTTP protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(HttpC2DMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs)
self.rule_type = 'HttpC2DMessagesNotInAllowedRange' # type: str
[docs]class HttpC2DRejectedMessagesNotInAllowedRange(TimeWindowCustomAlertRule):
"""Number of rejected cloud to device messages (HTTP protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(HttpC2DRejectedMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs)
self.rule_type = 'HttpC2DRejectedMessagesNotInAllowedRange' # type: str
[docs]class HttpD2CMessagesNotInAllowedRange(TimeWindowCustomAlertRule):
"""Number of device to cloud messages (HTTP protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(HttpD2CMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs)
self.rule_type = 'HttpD2CMessagesNotInAllowedRange' # type: str
[docs]class HybridComputeSettingsProperties(msrest.serialization.Model):
"""Settings for hybrid compute management.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar hybrid_compute_provisioning_state: State of the service principal and its secret.
Possible values include: "Valid", "Invalid", "Expired".
:vartype hybrid_compute_provisioning_state: str or
~azure.mgmt.security.models.HybridComputeProvisioningState
:param auto_provision: Required. Whether or not to automatically install Azure Arc (hybrid
compute) agents on machines. Possible values include: "On", "Off".
:type auto_provision: str or ~azure.mgmt.security.models.AutoProvision
:param resource_group_name: The name of the resource group where Arc (Hybrid Compute)
connectors are connected.
:type resource_group_name: str
:param region: The location where the metadata of machines will be stored.
:type region: str
:param proxy_server: For a non-Azure machine that is not connected directly to the internet,
specify a proxy server that the non-Azure machine can use.
:type proxy_server: ~azure.mgmt.security.models.ProxyServerProperties
:param service_principal: An object to access resources that are secured by an Azure AD tenant.
:type service_principal: ~azure.mgmt.security.models.ServicePrincipalProperties
"""
_validation = {
'hybrid_compute_provisioning_state': {'readonly': True},
'auto_provision': {'required': True},
}
_attribute_map = {
'hybrid_compute_provisioning_state': {'key': 'hybridComputeProvisioningState', 'type': 'str'},
'auto_provision': {'key': 'autoProvision', 'type': 'str'},
'resource_group_name': {'key': 'resourceGroupName', 'type': 'str'},
'region': {'key': 'region', 'type': 'str'},
'proxy_server': {'key': 'proxyServer', 'type': 'ProxyServerProperties'},
'service_principal': {'key': 'servicePrincipal', 'type': 'ServicePrincipalProperties'},
}
def __init__(
self,
*,
auto_provision: Union[str, "AutoProvision"],
resource_group_name: Optional[str] = None,
region: Optional[str] = None,
proxy_server: Optional["ProxyServerProperties"] = None,
service_principal: Optional["ServicePrincipalProperties"] = None,
**kwargs
):
super(HybridComputeSettingsProperties, self).__init__(**kwargs)
self.hybrid_compute_provisioning_state = None
self.auto_provision = auto_provision
self.resource_group_name = resource_group_name
self.region = region
self.proxy_server = proxy_server
self.service_principal = service_principal
[docs]class IngestionConnectionString(msrest.serialization.Model):
"""Connection string for ingesting security data and logs.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar location: The region where ingested logs and data resides.
:vartype location: str
:ivar value: Connection string value.
:vartype value: str
"""
_validation = {
'location': {'readonly': True},
'value': {'readonly': True},
}
_attribute_map = {
'location': {'key': 'location', 'type': 'str'},
'value': {'key': 'value', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(IngestionConnectionString, self).__init__(**kwargs)
self.location = None
self.value = None
[docs]class IngestionSetting(Resource):
"""Configures how to correlate scan data and logs with resources associated with the subscription.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param properties: Ingestion setting data.
:type properties: any
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'properties': {'key': 'properties', 'type': 'object'},
}
def __init__(
self,
*,
properties: Optional[Any] = None,
**kwargs
):
super(IngestionSetting, self).__init__(**kwargs)
self.properties = properties
[docs]class IngestionSettingList(msrest.serialization.Model):
"""List of ingestion settings.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar value: List of ingestion settings.
:vartype value: list[~azure.mgmt.security.models.IngestionSetting]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'readonly': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[IngestionSetting]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(IngestionSettingList, self).__init__(**kwargs)
self.value = None
self.next_link = None
[docs]class IngestionSettingToken(msrest.serialization.Model):
"""Configures how to correlate scan data and logs with resources associated with the subscription.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar token: The token is used for correlating security data and logs with the resources in the
subscription.
:vartype token: str
"""
_validation = {
'token': {'readonly': True},
}
_attribute_map = {
'token': {'key': 'token', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(IngestionSettingToken, self).__init__(**kwargs)
self.token = None
[docs]class IoTSecurityAggregatedAlert(Resource, TagsResource):
"""Security Solution Aggregated Alert information.
Variables are only populated by the server, and will be ignored when sending a request.
:param tags: A set of tags. Resource tags.
:type tags: dict[str, str]
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:ivar alert_type: Name of the alert type.
:vartype alert_type: str
:ivar alert_display_name: Display name of the alert type.
:vartype alert_display_name: str
:ivar aggregated_date_utc: Date of detection.
:vartype aggregated_date_utc: ~datetime.date
:ivar vendor_name: Name of the organization that raised the alert.
:vartype vendor_name: str
:ivar reported_severity: Assessed alert severity. Possible values include: "Informational",
"Low", "Medium", "High".
:vartype reported_severity: str or ~azure.mgmt.security.models.ReportedSeverity
:ivar remediation_steps: Recommended steps for remediation.
:vartype remediation_steps: str
:ivar description: Description of the suspected vulnerability and meaning.
:vartype description: str
:ivar count: Number of alerts occurrences within the aggregated time window.
:vartype count: long
:ivar effected_resource_type: Azure resource ID of the resource that received the alerts.
:vartype effected_resource_type: str
:ivar system_source: The type of the alerted resource (Azure, Non-Azure).
:vartype system_source: str
:ivar action_taken: IoT Security solution alert response.
:vartype action_taken: str
:ivar log_analytics_query: Log analytics query for getting the list of affected devices/alerts.
:vartype log_analytics_query: str
:ivar top_devices_list: 10 devices with the highest number of occurrences of this alert type,
on this day.
:vartype top_devices_list:
list[~azure.mgmt.security.models.IoTSecurityAggregatedAlertPropertiesTopDevicesListItem]
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'alert_type': {'readonly': True},
'alert_display_name': {'readonly': True},
'aggregated_date_utc': {'readonly': True},
'vendor_name': {'readonly': True},
'reported_severity': {'readonly': True},
'remediation_steps': {'readonly': True},
'description': {'readonly': True},
'count': {'readonly': True},
'effected_resource_type': {'readonly': True},
'system_source': {'readonly': True},
'action_taken': {'readonly': True},
'log_analytics_query': {'readonly': True},
'top_devices_list': {'readonly': True},
}
_attribute_map = {
'tags': {'key': 'tags', 'type': '{str}'},
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'alert_type': {'key': 'properties.alertType', 'type': 'str'},
'alert_display_name': {'key': 'properties.alertDisplayName', 'type': 'str'},
'aggregated_date_utc': {'key': 'properties.aggregatedDateUtc', 'type': 'date'},
'vendor_name': {'key': 'properties.vendorName', 'type': 'str'},
'reported_severity': {'key': 'properties.reportedSeverity', 'type': 'str'},
'remediation_steps': {'key': 'properties.remediationSteps', 'type': 'str'},
'description': {'key': 'properties.description', 'type': 'str'},
'count': {'key': 'properties.count', 'type': 'long'},
'effected_resource_type': {'key': 'properties.effectedResourceType', 'type': 'str'},
'system_source': {'key': 'properties.systemSource', 'type': 'str'},
'action_taken': {'key': 'properties.actionTaken', 'type': 'str'},
'log_analytics_query': {'key': 'properties.logAnalyticsQuery', 'type': 'str'},
'top_devices_list': {'key': 'properties.topDevicesList', 'type': '[IoTSecurityAggregatedAlertPropertiesTopDevicesListItem]'},
}
def __init__(
self,
*,
tags: Optional[Dict[str, str]] = None,
**kwargs
):
super(IoTSecurityAggregatedAlert, self).__init__(tags=tags, **kwargs)
self.tags = tags
self.alert_type = None
self.alert_display_name = None
self.aggregated_date_utc = None
self.vendor_name = None
self.reported_severity = None
self.remediation_steps = None
self.description = None
self.count = None
self.effected_resource_type = None
self.system_source = None
self.action_taken = None
self.log_analytics_query = None
self.top_devices_list = None
self.id = None
self.name = None
self.type = None
self.alert_type = None
self.alert_display_name = None
self.aggregated_date_utc = None
self.vendor_name = None
self.reported_severity = None
self.remediation_steps = None
self.description = None
self.count = None
self.effected_resource_type = None
self.system_source = None
self.action_taken = None
self.log_analytics_query = None
self.top_devices_list = None
[docs]class IoTSecurityAggregatedAlertList(msrest.serialization.Model):
"""List of IoT Security solution aggregated alert data.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param value: Required. List of aggregated alerts data.
:type value: list[~azure.mgmt.security.models.IoTSecurityAggregatedAlert]
:ivar next_link: When there is too much alert data for one page, use this URI to fetch the next
page.
:vartype next_link: str
"""
_validation = {
'value': {'required': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[IoTSecurityAggregatedAlert]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: List["IoTSecurityAggregatedAlert"],
**kwargs
):
super(IoTSecurityAggregatedAlertList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class IoTSecurityAggregatedAlertPropertiesTopDevicesListItem(msrest.serialization.Model):
"""IoTSecurityAggregatedAlertPropertiesTopDevicesListItem.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar device_id: Name of the device.
:vartype device_id: str
:ivar alerts_count: Number of alerts raised for this device.
:vartype alerts_count: long
:ivar last_occurrence: Most recent time this alert was raised for this device, on this day.
:vartype last_occurrence: str
"""
_validation = {
'device_id': {'readonly': True},
'alerts_count': {'readonly': True},
'last_occurrence': {'readonly': True},
}
_attribute_map = {
'device_id': {'key': 'deviceId', 'type': 'str'},
'alerts_count': {'key': 'alertsCount', 'type': 'long'},
'last_occurrence': {'key': 'lastOccurrence', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(IoTSecurityAggregatedAlertPropertiesTopDevicesListItem, self).__init__(**kwargs)
self.device_id = None
self.alerts_count = None
self.last_occurrence = None
[docs]class IoTSecurityAggregatedRecommendation(Resource, TagsResource):
"""IoT Security solution recommendation information.
Variables are only populated by the server, and will be ignored when sending a request.
:param tags: A set of tags. Resource tags.
:type tags: dict[str, str]
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param recommendation_name: Name of the recommendation.
:type recommendation_name: str
:ivar recommendation_display_name: Display name of the recommendation type.
:vartype recommendation_display_name: str
:ivar description: Description of the suspected vulnerability and meaning.
:vartype description: str
:ivar recommendation_type_id: Recommendation-type GUID.
:vartype recommendation_type_id: str
:ivar detected_by: Name of the organization that made the recommendation.
:vartype detected_by: str
:ivar remediation_steps: Recommended steps for remediation.
:vartype remediation_steps: str
:ivar reported_severity: Assessed recommendation severity. Possible values include:
"Informational", "Low", "Medium", "High".
:vartype reported_severity: str or ~azure.mgmt.security.models.ReportedSeverity
:ivar healthy_devices: Number of healthy devices within the IoT Security solution.
:vartype healthy_devices: long
:ivar unhealthy_device_count: Number of unhealthy devices within the IoT Security solution.
:vartype unhealthy_device_count: long
:ivar log_analytics_query: Log analytics query for getting the list of affected devices/alerts.
:vartype log_analytics_query: str
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'recommendation_display_name': {'readonly': True},
'description': {'readonly': True},
'recommendation_type_id': {'readonly': True},
'detected_by': {'readonly': True},
'remediation_steps': {'readonly': True},
'reported_severity': {'readonly': True},
'healthy_devices': {'readonly': True},
'unhealthy_device_count': {'readonly': True},
'log_analytics_query': {'readonly': True},
}
_attribute_map = {
'tags': {'key': 'tags', 'type': '{str}'},
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'recommendation_name': {'key': 'properties.recommendationName', 'type': 'str'},
'recommendation_display_name': {'key': 'properties.recommendationDisplayName', 'type': 'str'},
'description': {'key': 'properties.description', 'type': 'str'},
'recommendation_type_id': {'key': 'properties.recommendationTypeId', 'type': 'str'},
'detected_by': {'key': 'properties.detectedBy', 'type': 'str'},
'remediation_steps': {'key': 'properties.remediationSteps', 'type': 'str'},
'reported_severity': {'key': 'properties.reportedSeverity', 'type': 'str'},
'healthy_devices': {'key': 'properties.healthyDevices', 'type': 'long'},
'unhealthy_device_count': {'key': 'properties.unhealthyDeviceCount', 'type': 'long'},
'log_analytics_query': {'key': 'properties.logAnalyticsQuery', 'type': 'str'},
}
def __init__(
self,
*,
tags: Optional[Dict[str, str]] = None,
recommendation_name: Optional[str] = None,
**kwargs
):
super(IoTSecurityAggregatedRecommendation, self).__init__(tags=tags, **kwargs)
self.tags = tags
self.recommendation_name = recommendation_name
self.recommendation_display_name = None
self.description = None
self.recommendation_type_id = None
self.detected_by = None
self.remediation_steps = None
self.reported_severity = None
self.healthy_devices = None
self.unhealthy_device_count = None
self.log_analytics_query = None
self.id = None
self.name = None
self.type = None
self.recommendation_name = recommendation_name
self.recommendation_display_name = None
self.description = None
self.recommendation_type_id = None
self.detected_by = None
self.remediation_steps = None
self.reported_severity = None
self.healthy_devices = None
self.unhealthy_device_count = None
self.log_analytics_query = None
[docs]class IoTSecurityAggregatedRecommendationList(msrest.serialization.Model):
"""List of IoT Security solution aggregated recommendations.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param value: Required. List of aggregated recommendations data.
:type value: list[~azure.mgmt.security.models.IoTSecurityAggregatedRecommendation]
:ivar next_link: When there is too much alert data for one page, use this URI to fetch the next
page.
:vartype next_link: str
"""
_validation = {
'value': {'required': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[IoTSecurityAggregatedRecommendation]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: List["IoTSecurityAggregatedRecommendation"],
**kwargs
):
super(IoTSecurityAggregatedRecommendationList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class IoTSecurityAlertedDevice(msrest.serialization.Model):
"""Statistical information about the number of alerts per device during last set number of days.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar device_id: Device identifier.
:vartype device_id: str
:ivar alerts_count: Number of alerts raised for this device.
:vartype alerts_count: long
"""
_validation = {
'device_id': {'readonly': True},
'alerts_count': {'readonly': True},
}
_attribute_map = {
'device_id': {'key': 'deviceId', 'type': 'str'},
'alerts_count': {'key': 'alertsCount', 'type': 'long'},
}
def __init__(
self,
**kwargs
):
super(IoTSecurityAlertedDevice, self).__init__(**kwargs)
self.device_id = None
self.alerts_count = None
[docs]class IoTSecurityDeviceAlert(msrest.serialization.Model):
"""Statistical information about the number of alerts per alert type during last set number of days.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar alert_display_name: Display name of the alert.
:vartype alert_display_name: str
:ivar reported_severity: Assessed Alert severity. Possible values include: "Informational",
"Low", "Medium", "High".
:vartype reported_severity: str or ~azure.mgmt.security.models.ReportedSeverity
:ivar alerts_count: Number of alerts raised for this alert type.
:vartype alerts_count: long
"""
_validation = {
'alert_display_name': {'readonly': True},
'reported_severity': {'readonly': True},
'alerts_count': {'readonly': True},
}
_attribute_map = {
'alert_display_name': {'key': 'alertDisplayName', 'type': 'str'},
'reported_severity': {'key': 'reportedSeverity', 'type': 'str'},
'alerts_count': {'key': 'alertsCount', 'type': 'long'},
}
def __init__(
self,
**kwargs
):
super(IoTSecurityDeviceAlert, self).__init__(**kwargs)
self.alert_display_name = None
self.reported_severity = None
self.alerts_count = None
[docs]class IoTSecurityDeviceRecommendation(msrest.serialization.Model):
"""Statistical information about the number of recommendations per device, per recommendation type.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar recommendation_display_name: Display name of the recommendation.
:vartype recommendation_display_name: str
:ivar reported_severity: Assessed recommendation severity. Possible values include:
"Informational", "Low", "Medium", "High".
:vartype reported_severity: str or ~azure.mgmt.security.models.ReportedSeverity
:ivar devices_count: Number of devices with this recommendation.
:vartype devices_count: long
"""
_validation = {
'recommendation_display_name': {'readonly': True},
'reported_severity': {'readonly': True},
'devices_count': {'readonly': True},
}
_attribute_map = {
'recommendation_display_name': {'key': 'recommendationDisplayName', 'type': 'str'},
'reported_severity': {'key': 'reportedSeverity', 'type': 'str'},
'devices_count': {'key': 'devicesCount', 'type': 'long'},
}
def __init__(
self,
**kwargs
):
super(IoTSecurityDeviceRecommendation, self).__init__(**kwargs)
self.recommendation_display_name = None
self.reported_severity = None
self.devices_count = None
[docs]class IoTSecuritySolutionAnalyticsModel(Resource):
"""Security analytics of your IoT Security solution.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:ivar metrics: Security analytics of your IoT Security solution.
:vartype metrics: ~azure.mgmt.security.models.IoTSeverityMetrics
:ivar unhealthy_device_count: Number of unhealthy devices within your IoT Security solution.
:vartype unhealthy_device_count: long
:ivar devices_metrics: List of device metrics by the aggregation date.
:vartype devices_metrics:
list[~azure.mgmt.security.models.IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem]
:param top_alerted_devices: List of the 3 devices with the most alerts.
:type top_alerted_devices: list[~azure.mgmt.security.models.IoTSecurityAlertedDevice]
:param most_prevalent_device_alerts: List of the 3 most prevalent device alerts.
:type most_prevalent_device_alerts: list[~azure.mgmt.security.models.IoTSecurityDeviceAlert]
:param most_prevalent_device_recommendations: List of the 3 most prevalent device
recommendations.
:type most_prevalent_device_recommendations:
list[~azure.mgmt.security.models.IoTSecurityDeviceRecommendation]
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'metrics': {'readonly': True},
'unhealthy_device_count': {'readonly': True},
'devices_metrics': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'metrics': {'key': 'properties.metrics', 'type': 'IoTSeverityMetrics'},
'unhealthy_device_count': {'key': 'properties.unhealthyDeviceCount', 'type': 'long'},
'devices_metrics': {'key': 'properties.devicesMetrics', 'type': '[IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem]'},
'top_alerted_devices': {'key': 'properties.topAlertedDevices', 'type': '[IoTSecurityAlertedDevice]'},
'most_prevalent_device_alerts': {'key': 'properties.mostPrevalentDeviceAlerts', 'type': '[IoTSecurityDeviceAlert]'},
'most_prevalent_device_recommendations': {'key': 'properties.mostPrevalentDeviceRecommendations', 'type': '[IoTSecurityDeviceRecommendation]'},
}
def __init__(
self,
*,
top_alerted_devices: Optional[List["IoTSecurityAlertedDevice"]] = None,
most_prevalent_device_alerts: Optional[List["IoTSecurityDeviceAlert"]] = None,
most_prevalent_device_recommendations: Optional[List["IoTSecurityDeviceRecommendation"]] = None,
**kwargs
):
super(IoTSecuritySolutionAnalyticsModel, self).__init__(**kwargs)
self.metrics = None
self.unhealthy_device_count = None
self.devices_metrics = None
self.top_alerted_devices = top_alerted_devices
self.most_prevalent_device_alerts = most_prevalent_device_alerts
self.most_prevalent_device_recommendations = most_prevalent_device_recommendations
[docs]class IoTSecuritySolutionAnalyticsModelList(msrest.serialization.Model):
"""List of Security analytics of your IoT Security solution.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param value: Required. List of Security analytics of your IoT Security solution.
:type value: list[~azure.mgmt.security.models.IoTSecuritySolutionAnalyticsModel]
:ivar next_link: When there is too much alert data for one page, use this URI to fetch the next
page.
:vartype next_link: str
"""
_validation = {
'value': {'required': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[IoTSecuritySolutionAnalyticsModel]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: List["IoTSecuritySolutionAnalyticsModel"],
**kwargs
):
super(IoTSecuritySolutionAnalyticsModelList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem(msrest.serialization.Model):
"""IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem.
:param date: Aggregation of IoT Security solution device alert metrics by date.
:type date: ~datetime.datetime
:param devices_metrics: Device alert count by severity.
:type devices_metrics: ~azure.mgmt.security.models.IoTSeverityMetrics
"""
_attribute_map = {
'date': {'key': 'date', 'type': 'iso-8601'},
'devices_metrics': {'key': 'devicesMetrics', 'type': 'IoTSeverityMetrics'},
}
def __init__(
self,
*,
date: Optional[datetime.datetime] = None,
devices_metrics: Optional["IoTSeverityMetrics"] = None,
**kwargs
):
super(IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem, self).__init__(**kwargs)
self.date = date
self.devices_metrics = devices_metrics
[docs]class IoTSecuritySolutionModel(Resource, TagsResource):
"""IoT Security solution configuration and resource information.
Variables are only populated by the server, and will be ignored when sending a request.
:param tags: A set of tags. Resource tags.
:type tags: dict[str, str]
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param location: The resource location.
:type location: str
:ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy
information.
:vartype system_data: ~azure.mgmt.security.models.SystemData
:param workspace: Workspace resource ID.
:type workspace: str
:param display_name: Resource display name.
:type display_name: str
:param status: Status of the IoT Security solution. Possible values include: "Enabled",
"Disabled". Default value: "Enabled".
:type status: str or ~azure.mgmt.security.models.SecuritySolutionStatus
:param export: List of additional options for exporting to workspace data.
:type export: list[str or ~azure.mgmt.security.models.ExportData]
:param disabled_data_sources: Disabled data sources. Disabling these data sources compromises
the system.
:type disabled_data_sources: list[str or ~azure.mgmt.security.models.DataSource]
:param iot_hubs: IoT Hub resource IDs.
:type iot_hubs: list[str]
:param user_defined_resources: Properties of the IoT Security solution's user defined
resources.
:type user_defined_resources: ~azure.mgmt.security.models.UserDefinedResourcesProperties
:ivar auto_discovered_resources: List of resources that were automatically discovered as
relevant to the security solution.
:vartype auto_discovered_resources: list[str]
:param recommendations_configuration: List of the configuration status for each recommendation
type.
:type recommendations_configuration:
list[~azure.mgmt.security.models.RecommendationConfigurationProperties]
:param unmasked_ip_logging_status: Unmasked IP address logging status. Possible values include:
"Disabled", "Enabled". Default value: "Disabled".
:type unmasked_ip_logging_status: str or ~azure.mgmt.security.models.UnmaskedIpLoggingStatus
:param additional_workspaces: List of additional workspaces.
:type additional_workspaces: list[~azure.mgmt.security.models.AdditionalWorkspacesProperties]
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'system_data': {'readonly': True},
'auto_discovered_resources': {'readonly': True},
}
_attribute_map = {
'tags': {'key': 'tags', 'type': '{str}'},
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'location': {'key': 'location', 'type': 'str'},
'system_data': {'key': 'systemData', 'type': 'SystemData'},
'workspace': {'key': 'properties.workspace', 'type': 'str'},
'display_name': {'key': 'properties.displayName', 'type': 'str'},
'status': {'key': 'properties.status', 'type': 'str'},
'export': {'key': 'properties.export', 'type': '[str]'},
'disabled_data_sources': {'key': 'properties.disabledDataSources', 'type': '[str]'},
'iot_hubs': {'key': 'properties.iotHubs', 'type': '[str]'},
'user_defined_resources': {'key': 'properties.userDefinedResources', 'type': 'UserDefinedResourcesProperties'},
'auto_discovered_resources': {'key': 'properties.autoDiscoveredResources', 'type': '[str]'},
'recommendations_configuration': {'key': 'properties.recommendationsConfiguration', 'type': '[RecommendationConfigurationProperties]'},
'unmasked_ip_logging_status': {'key': 'properties.unmaskedIpLoggingStatus', 'type': 'str'},
'additional_workspaces': {'key': 'properties.additionalWorkspaces', 'type': '[AdditionalWorkspacesProperties]'},
}
def __init__(
self,
*,
tags: Optional[Dict[str, str]] = None,
location: Optional[str] = None,
workspace: Optional[str] = None,
display_name: Optional[str] = None,
status: Optional[Union[str, "SecuritySolutionStatus"]] = "Enabled",
export: Optional[List[Union[str, "ExportData"]]] = None,
disabled_data_sources: Optional[List[Union[str, "DataSource"]]] = None,
iot_hubs: Optional[List[str]] = None,
user_defined_resources: Optional["UserDefinedResourcesProperties"] = None,
recommendations_configuration: Optional[List["RecommendationConfigurationProperties"]] = None,
unmasked_ip_logging_status: Optional[Union[str, "UnmaskedIpLoggingStatus"]] = "Disabled",
additional_workspaces: Optional[List["AdditionalWorkspacesProperties"]] = None,
**kwargs
):
super(IoTSecuritySolutionModel, self).__init__(tags=tags, **kwargs)
self.tags = tags
self.location = location
self.system_data = None
self.workspace = workspace
self.display_name = display_name
self.status = status
self.export = export
self.disabled_data_sources = disabled_data_sources
self.iot_hubs = iot_hubs
self.user_defined_resources = user_defined_resources
self.auto_discovered_resources = None
self.recommendations_configuration = recommendations_configuration
self.unmasked_ip_logging_status = unmasked_ip_logging_status
self.additional_workspaces = additional_workspaces
self.id = None
self.name = None
self.type = None
self.location = location
self.system_data = None
self.workspace = workspace
self.display_name = display_name
self.status = status
self.export = export
self.disabled_data_sources = disabled_data_sources
self.iot_hubs = iot_hubs
self.user_defined_resources = user_defined_resources
self.auto_discovered_resources = None
self.recommendations_configuration = recommendations_configuration
self.unmasked_ip_logging_status = unmasked_ip_logging_status
self.additional_workspaces = additional_workspaces
[docs]class IoTSecuritySolutionsList(msrest.serialization.Model):
"""List of IoT Security solutions.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param value: Required. List of IoT Security solutions.
:type value: list[~azure.mgmt.security.models.IoTSecuritySolutionModel]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'required': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[IoTSecuritySolutionModel]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: List["IoTSecuritySolutionModel"],
**kwargs
):
super(IoTSecuritySolutionsList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class IoTSeverityMetrics(msrest.serialization.Model):
"""IoT Security solution analytics severity metrics.
:param high: Count of high severity alerts/recommendations.
:type high: long
:param medium: Count of medium severity alerts/recommendations.
:type medium: long
:param low: Count of low severity alerts/recommendations.
:type low: long
"""
_attribute_map = {
'high': {'key': 'high', 'type': 'long'},
'medium': {'key': 'medium', 'type': 'long'},
'low': {'key': 'low', 'type': 'long'},
}
def __init__(
self,
*,
high: Optional[int] = None,
medium: Optional[int] = None,
low: Optional[int] = None,
**kwargs
):
super(IoTSeverityMetrics, self).__init__(**kwargs)
self.high = high
self.medium = medium
self.low = low
[docs]class JitNetworkAccessPoliciesList(msrest.serialization.Model):
"""JitNetworkAccessPoliciesList.
Variables are only populated by the server, and will be ignored when sending a request.
:param value:
:type value: list[~azure.mgmt.security.models.JitNetworkAccessPolicy]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[JitNetworkAccessPolicy]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: Optional[List["JitNetworkAccessPolicy"]] = None,
**kwargs
):
super(JitNetworkAccessPoliciesList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class JitNetworkAccessPolicy(Resource, Kind, Location):
"""JitNetworkAccessPolicy.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar location: Location where the resource is stored.
:vartype location: str
:param kind: Kind of the resource.
:type kind: str
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param virtual_machines: Required. Configurations for Microsoft.Compute/virtualMachines
resource type.
:type virtual_machines: list[~azure.mgmt.security.models.JitNetworkAccessPolicyVirtualMachine]
:param requests:
:type requests: list[~azure.mgmt.security.models.JitNetworkAccessRequest]
:ivar provisioning_state: Gets the provisioning state of the Just-in-Time policy.
:vartype provisioning_state: str
"""
_validation = {
'location': {'readonly': True},
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'virtual_machines': {'required': True},
'provisioning_state': {'readonly': True},
}
_attribute_map = {
'location': {'key': 'location', 'type': 'str'},
'kind': {'key': 'kind', 'type': 'str'},
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'virtual_machines': {'key': 'properties.virtualMachines', 'type': '[JitNetworkAccessPolicyVirtualMachine]'},
'requests': {'key': 'properties.requests', 'type': '[JitNetworkAccessRequest]'},
'provisioning_state': {'key': 'properties.provisioningState', 'type': 'str'},
}
def __init__(
self,
*,
virtual_machines: List["JitNetworkAccessPolicyVirtualMachine"],
kind: Optional[str] = None,
requests: Optional[List["JitNetworkAccessRequest"]] = None,
**kwargs
):
super(JitNetworkAccessPolicy, self).__init__(kind=kind, **kwargs)
self.location = None
self.kind = kind
self.virtual_machines = virtual_machines
self.requests = requests
self.provisioning_state = None
self.location = None
self.id = None
self.name = None
self.type = None
self.virtual_machines = virtual_machines
self.requests = requests
self.provisioning_state = None
self.kind = kind
self.id = None
self.name = None
self.type = None
self.virtual_machines = virtual_machines
self.requests = requests
self.provisioning_state = None
[docs]class JitNetworkAccessPolicyInitiatePort(msrest.serialization.Model):
"""JitNetworkAccessPolicyInitiatePort.
All required parameters must be populated in order to send to Azure.
:param number: Required.
:type number: int
:param allowed_source_address_prefix: Source of the allowed traffic. If omitted, the request
will be for the source IP address of the initiate request.
:type allowed_source_address_prefix: str
:param end_time_utc: Required. The time to close the request in UTC.
:type end_time_utc: ~datetime.datetime
"""
_validation = {
'number': {'required': True, 'maximum': 65535, 'minimum': 0},
'end_time_utc': {'required': True},
}
_attribute_map = {
'number': {'key': 'number', 'type': 'int'},
'allowed_source_address_prefix': {'key': 'allowedSourceAddressPrefix', 'type': 'str'},
'end_time_utc': {'key': 'endTimeUtc', 'type': 'iso-8601'},
}
def __init__(
self,
*,
number: int,
end_time_utc: datetime.datetime,
allowed_source_address_prefix: Optional[str] = None,
**kwargs
):
super(JitNetworkAccessPolicyInitiatePort, self).__init__(**kwargs)
self.number = number
self.allowed_source_address_prefix = allowed_source_address_prefix
self.end_time_utc = end_time_utc
[docs]class JitNetworkAccessPolicyInitiateRequest(msrest.serialization.Model):
"""JitNetworkAccessPolicyInitiateRequest.
All required parameters must be populated in order to send to Azure.
:param virtual_machines: Required. A list of virtual machines & ports to open access for.
:type virtual_machines:
list[~azure.mgmt.security.models.JitNetworkAccessPolicyInitiateVirtualMachine]
:param justification: The justification for making the initiate request.
:type justification: str
"""
_validation = {
'virtual_machines': {'required': True},
}
_attribute_map = {
'virtual_machines': {'key': 'virtualMachines', 'type': '[JitNetworkAccessPolicyInitiateVirtualMachine]'},
'justification': {'key': 'justification', 'type': 'str'},
}
def __init__(
self,
*,
virtual_machines: List["JitNetworkAccessPolicyInitiateVirtualMachine"],
justification: Optional[str] = None,
**kwargs
):
super(JitNetworkAccessPolicyInitiateRequest, self).__init__(**kwargs)
self.virtual_machines = virtual_machines
self.justification = justification
[docs]class JitNetworkAccessPolicyInitiateVirtualMachine(msrest.serialization.Model):
"""JitNetworkAccessPolicyInitiateVirtualMachine.
All required parameters must be populated in order to send to Azure.
:param id: Required. Resource ID of the virtual machine that is linked to this policy.
:type id: str
:param ports: Required. The ports to open for the resource with the ``id``.
:type ports: list[~azure.mgmt.security.models.JitNetworkAccessPolicyInitiatePort]
"""
_validation = {
'id': {'required': True},
'ports': {'required': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'ports': {'key': 'ports', 'type': '[JitNetworkAccessPolicyInitiatePort]'},
}
def __init__(
self,
*,
id: str,
ports: List["JitNetworkAccessPolicyInitiatePort"],
**kwargs
):
super(JitNetworkAccessPolicyInitiateVirtualMachine, self).__init__(**kwargs)
self.id = id
self.ports = ports
[docs]class JitNetworkAccessPolicyVirtualMachine(msrest.serialization.Model):
"""JitNetworkAccessPolicyVirtualMachine.
All required parameters must be populated in order to send to Azure.
:param id: Required. Resource ID of the virtual machine that is linked to this policy.
:type id: str
:param ports: Required. Port configurations for the virtual machine.
:type ports: list[~azure.mgmt.security.models.JitNetworkAccessPortRule]
:param public_ip_address: Public IP address of the Azure Firewall that is linked to this
policy, if applicable.
:type public_ip_address: str
"""
_validation = {
'id': {'required': True},
'ports': {'required': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'ports': {'key': 'ports', 'type': '[JitNetworkAccessPortRule]'},
'public_ip_address': {'key': 'publicIpAddress', 'type': 'str'},
}
def __init__(
self,
*,
id: str,
ports: List["JitNetworkAccessPortRule"],
public_ip_address: Optional[str] = None,
**kwargs
):
super(JitNetworkAccessPolicyVirtualMachine, self).__init__(**kwargs)
self.id = id
self.ports = ports
self.public_ip_address = public_ip_address
[docs]class JitNetworkAccessPortRule(msrest.serialization.Model):
"""JitNetworkAccessPortRule.
All required parameters must be populated in order to send to Azure.
:param number: Required.
:type number: int
:param protocol: Required. Possible values include: "TCP", "UDP", "*".
:type protocol: str or ~azure.mgmt.security.models.ProtocolEnum
:param allowed_source_address_prefix: Mutually exclusive with the
"allowedSourceAddressPrefixes" parameter. Should be an IP address or CIDR, for example
"192.168.0.3" or "192.168.0.0/16".
:type allowed_source_address_prefix: str
:param allowed_source_address_prefixes: Mutually exclusive with the
"allowedSourceAddressPrefix" parameter.
:type allowed_source_address_prefixes: list[str]
:param max_request_access_duration: Required. Maximum duration requests can be made for. In ISO
8601 duration format. Minimum 5 minutes, maximum 1 day.
:type max_request_access_duration: str
"""
_validation = {
'number': {'required': True, 'maximum': 65535, 'minimum': 0},
'protocol': {'required': True},
'max_request_access_duration': {'required': True},
}
_attribute_map = {
'number': {'key': 'number', 'type': 'int'},
'protocol': {'key': 'protocol', 'type': 'str'},
'allowed_source_address_prefix': {'key': 'allowedSourceAddressPrefix', 'type': 'str'},
'allowed_source_address_prefixes': {'key': 'allowedSourceAddressPrefixes', 'type': '[str]'},
'max_request_access_duration': {'key': 'maxRequestAccessDuration', 'type': 'str'},
}
def __init__(
self,
*,
number: int,
protocol: Union[str, "ProtocolEnum"],
max_request_access_duration: str,
allowed_source_address_prefix: Optional[str] = None,
allowed_source_address_prefixes: Optional[List[str]] = None,
**kwargs
):
super(JitNetworkAccessPortRule, self).__init__(**kwargs)
self.number = number
self.protocol = protocol
self.allowed_source_address_prefix = allowed_source_address_prefix
self.allowed_source_address_prefixes = allowed_source_address_prefixes
self.max_request_access_duration = max_request_access_duration
[docs]class JitNetworkAccessRequest(msrest.serialization.Model):
"""JitNetworkAccessRequest.
All required parameters must be populated in order to send to Azure.
:param virtual_machines: Required.
:type virtual_machines: list[~azure.mgmt.security.models.JitNetworkAccessRequestVirtualMachine]
:param start_time_utc: Required. The start time of the request in UTC.
:type start_time_utc: ~datetime.datetime
:param requestor: Required. The identity of the person who made the request.
:type requestor: str
:param justification: The justification for making the initiate request.
:type justification: str
"""
_validation = {
'virtual_machines': {'required': True},
'start_time_utc': {'required': True},
'requestor': {'required': True},
}
_attribute_map = {
'virtual_machines': {'key': 'virtualMachines', 'type': '[JitNetworkAccessRequestVirtualMachine]'},
'start_time_utc': {'key': 'startTimeUtc', 'type': 'iso-8601'},
'requestor': {'key': 'requestor', 'type': 'str'},
'justification': {'key': 'justification', 'type': 'str'},
}
def __init__(
self,
*,
virtual_machines: List["JitNetworkAccessRequestVirtualMachine"],
start_time_utc: datetime.datetime,
requestor: str,
justification: Optional[str] = None,
**kwargs
):
super(JitNetworkAccessRequest, self).__init__(**kwargs)
self.virtual_machines = virtual_machines
self.start_time_utc = start_time_utc
self.requestor = requestor
self.justification = justification
[docs]class JitNetworkAccessRequestPort(msrest.serialization.Model):
"""JitNetworkAccessRequestPort.
All required parameters must be populated in order to send to Azure.
:param number: Required.
:type number: int
:param allowed_source_address_prefix: Mutually exclusive with the
"allowedSourceAddressPrefixes" parameter. Should be an IP address or CIDR, for example
"192.168.0.3" or "192.168.0.0/16".
:type allowed_source_address_prefix: str
:param allowed_source_address_prefixes: Mutually exclusive with the
"allowedSourceAddressPrefix" parameter.
:type allowed_source_address_prefixes: list[str]
:param end_time_utc: Required. The date & time at which the request ends in UTC.
:type end_time_utc: ~datetime.datetime
:param status: Required. The status of the port. Possible values include: "Revoked",
"Initiated".
:type status: str or ~azure.mgmt.security.models.Status
:param status_reason: Required. A description of why the ``status`` has its value. Possible
values include: "Expired", "UserRequested", "NewerRequestInitiated".
:type status_reason: str or ~azure.mgmt.security.models.StatusReason
:param mapped_port: The port which is mapped to this port's ``number`` in the Azure Firewall,
if applicable.
:type mapped_port: int
"""
_validation = {
'number': {'required': True, 'maximum': 65535, 'minimum': 0},
'end_time_utc': {'required': True},
'status': {'required': True},
'status_reason': {'required': True},
}
_attribute_map = {
'number': {'key': 'number', 'type': 'int'},
'allowed_source_address_prefix': {'key': 'allowedSourceAddressPrefix', 'type': 'str'},
'allowed_source_address_prefixes': {'key': 'allowedSourceAddressPrefixes', 'type': '[str]'},
'end_time_utc': {'key': 'endTimeUtc', 'type': 'iso-8601'},
'status': {'key': 'status', 'type': 'str'},
'status_reason': {'key': 'statusReason', 'type': 'str'},
'mapped_port': {'key': 'mappedPort', 'type': 'int'},
}
def __init__(
self,
*,
number: int,
end_time_utc: datetime.datetime,
status: Union[str, "Status"],
status_reason: Union[str, "StatusReason"],
allowed_source_address_prefix: Optional[str] = None,
allowed_source_address_prefixes: Optional[List[str]] = None,
mapped_port: Optional[int] = None,
**kwargs
):
super(JitNetworkAccessRequestPort, self).__init__(**kwargs)
self.number = number
self.allowed_source_address_prefix = allowed_source_address_prefix
self.allowed_source_address_prefixes = allowed_source_address_prefixes
self.end_time_utc = end_time_utc
self.status = status
self.status_reason = status_reason
self.mapped_port = mapped_port
[docs]class JitNetworkAccessRequestVirtualMachine(msrest.serialization.Model):
"""JitNetworkAccessRequestVirtualMachine.
All required parameters must be populated in order to send to Azure.
:param id: Required. Resource ID of the virtual machine that is linked to this policy.
:type id: str
:param ports: Required. The ports that were opened for the virtual machine.
:type ports: list[~azure.mgmt.security.models.JitNetworkAccessRequestPort]
"""
_validation = {
'id': {'required': True},
'ports': {'required': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'ports': {'key': 'ports', 'type': '[JitNetworkAccessRequestPort]'},
}
def __init__(
self,
*,
id: str,
ports: List["JitNetworkAccessRequestPort"],
**kwargs
):
super(JitNetworkAccessRequestVirtualMachine, self).__init__(**kwargs)
self.id = id
self.ports = ports
[docs]class LocalUserNotAllowed(AllowlistCustomAlertRule):
"""Login by a local user that isn't allowed. Allow list consists of login names to allow.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:ivar value_type: The value type of the items in the list. Possible values include: "IpCidr",
"String".
:vartype value_type: str or ~azure.mgmt.security.models.ValueType
:param allowlist_values: Required. The values to allow. The format of the values depends on the
rule type.
:type allowlist_values: list[str]
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'value_type': {'readonly': True},
'allowlist_values': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'value_type': {'key': 'valueType', 'type': 'str'},
'allowlist_values': {'key': 'allowlistValues', 'type': '[str]'},
}
def __init__(
self,
*,
is_enabled: bool,
allowlist_values: List[str],
**kwargs
):
super(LocalUserNotAllowed, self).__init__(is_enabled=is_enabled, allowlist_values=allowlist_values, **kwargs)
self.rule_type = 'LocalUserNotAllowed' # type: str
[docs]class LogAnalyticsIdentifier(ResourceIdentifier):
"""Represents a Log Analytics workspace scope identifier.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param type: Required. There can be multiple identifiers of different type per alert, this
field specify the identifier type.Constant filled by server. Possible values include:
"AzureResource", "LogAnalytics".
:type type: str or ~azure.mgmt.security.models.ResourceIdentifierType
:ivar workspace_id: The LogAnalytics workspace id that stores this alert.
:vartype workspace_id: str
:ivar workspace_subscription_id: The azure subscription id for the LogAnalytics workspace
storing this alert.
:vartype workspace_subscription_id: str
:ivar workspace_resource_group: The azure resource group for the LogAnalytics workspace storing
this alert.
:vartype workspace_resource_group: str
:ivar agent_id: (optional) The LogAnalytics agent id reporting the event that this alert is
based on.
:vartype agent_id: str
"""
_validation = {
'type': {'required': True},
'workspace_id': {'readonly': True},
'workspace_subscription_id': {'readonly': True, 'pattern': r'^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$'},
'workspace_resource_group': {'readonly': True},
'agent_id': {'readonly': True},
}
_attribute_map = {
'type': {'key': 'type', 'type': 'str'},
'workspace_id': {'key': 'workspaceId', 'type': 'str'},
'workspace_subscription_id': {'key': 'workspaceSubscriptionId', 'type': 'str'},
'workspace_resource_group': {'key': 'workspaceResourceGroup', 'type': 'str'},
'agent_id': {'key': 'agentId', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(LogAnalyticsIdentifier, self).__init__(**kwargs)
self.type = 'LogAnalytics' # type: str
self.workspace_id = None
self.workspace_subscription_id = None
self.workspace_resource_group = None
self.agent_id = None
[docs]class MqttC2DMessagesNotInAllowedRange(TimeWindowCustomAlertRule):
"""Number of cloud to device messages (MQTT protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(MqttC2DMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs)
self.rule_type = 'MqttC2DMessagesNotInAllowedRange' # type: str
[docs]class MqttC2DRejectedMessagesNotInAllowedRange(TimeWindowCustomAlertRule):
"""Number of rejected cloud to device messages (MQTT protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(MqttC2DRejectedMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs)
self.rule_type = 'MqttC2DRejectedMessagesNotInAllowedRange' # type: str
[docs]class MqttD2CMessagesNotInAllowedRange(TimeWindowCustomAlertRule):
"""Number of device to cloud messages (MQTT protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(MqttD2CMessagesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs)
self.rule_type = 'MqttD2CMessagesNotInAllowedRange' # type: str
[docs]class OnPremiseResourceDetails(ResourceDetails):
"""Details of the On Premise resource that was assessed.
You probably want to use the sub-classes and not this class directly. Known
sub-classes are: OnPremiseSqlResourceDetails.
All required parameters must be populated in order to send to Azure.
:param source: Required. The platform where the assessed resource resides.Constant filled by
server. Possible values include: "Azure", "OnPremise", "OnPremiseSql".
:type source: str or ~azure.mgmt.security.models.Source
:param workspace_id: Required. Azure resource Id of the workspace the machine is attached to.
:type workspace_id: str
:param vmuuid: Required. The unique Id of the machine.
:type vmuuid: str
:param source_computer_id: Required. The oms agent Id installed on the machine.
:type source_computer_id: str
:param machine_name: Required. The name of the machine.
:type machine_name: str
"""
_validation = {
'source': {'required': True},
'workspace_id': {'required': True},
'vmuuid': {'required': True},
'source_computer_id': {'required': True},
'machine_name': {'required': True},
}
_attribute_map = {
'source': {'key': 'source', 'type': 'str'},
'workspace_id': {'key': 'workspaceId', 'type': 'str'},
'vmuuid': {'key': 'vmuuid', 'type': 'str'},
'source_computer_id': {'key': 'sourceComputerId', 'type': 'str'},
'machine_name': {'key': 'machineName', 'type': 'str'},
}
_subtype_map = {
'source': {'OnPremiseSql': 'OnPremiseSqlResourceDetails'}
}
def __init__(
self,
*,
workspace_id: str,
vmuuid: str,
source_computer_id: str,
machine_name: str,
**kwargs
):
super(OnPremiseResourceDetails, self).__init__(**kwargs)
self.source = 'OnPremise' # type: str
self.workspace_id = workspace_id
self.vmuuid = vmuuid
self.source_computer_id = source_computer_id
self.machine_name = machine_name
[docs]class OnPremiseSqlResourceDetails(OnPremiseResourceDetails):
"""Details of the On Premise Sql resource that was assessed.
All required parameters must be populated in order to send to Azure.
:param source: Required. The platform where the assessed resource resides.Constant filled by
server. Possible values include: "Azure", "OnPremise", "OnPremiseSql".
:type source: str or ~azure.mgmt.security.models.Source
:param workspace_id: Required. Azure resource Id of the workspace the machine is attached to.
:type workspace_id: str
:param vmuuid: Required. The unique Id of the machine.
:type vmuuid: str
:param source_computer_id: Required. The oms agent Id installed on the machine.
:type source_computer_id: str
:param machine_name: Required. The name of the machine.
:type machine_name: str
:param server_name: Required. The Sql server name installed on the machine.
:type server_name: str
:param database_name: Required. The Sql database name installed on the machine.
:type database_name: str
"""
_validation = {
'source': {'required': True},
'workspace_id': {'required': True},
'vmuuid': {'required': True},
'source_computer_id': {'required': True},
'machine_name': {'required': True},
'server_name': {'required': True},
'database_name': {'required': True},
}
_attribute_map = {
'source': {'key': 'source', 'type': 'str'},
'workspace_id': {'key': 'workspaceId', 'type': 'str'},
'vmuuid': {'key': 'vmuuid', 'type': 'str'},
'source_computer_id': {'key': 'sourceComputerId', 'type': 'str'},
'machine_name': {'key': 'machineName', 'type': 'str'},
'server_name': {'key': 'serverName', 'type': 'str'},
'database_name': {'key': 'databaseName', 'type': 'str'},
}
def __init__(
self,
*,
workspace_id: str,
vmuuid: str,
source_computer_id: str,
machine_name: str,
server_name: str,
database_name: str,
**kwargs
):
super(OnPremiseSqlResourceDetails, self).__init__(workspace_id=workspace_id, vmuuid=vmuuid, source_computer_id=source_computer_id, machine_name=machine_name, **kwargs)
self.source = 'OnPremiseSql' # type: str
self.server_name = server_name
self.database_name = database_name
[docs]class Operation(msrest.serialization.Model):
"""Possible operation in the REST API of Microsoft.Security.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar name: Name of the operation.
:vartype name: str
:ivar origin: Where the operation is originated.
:vartype origin: str
:param display: Security operation display.
:type display: ~azure.mgmt.security.models.OperationDisplay
"""
_validation = {
'name': {'readonly': True},
'origin': {'readonly': True},
}
_attribute_map = {
'name': {'key': 'name', 'type': 'str'},
'origin': {'key': 'origin', 'type': 'str'},
'display': {'key': 'display', 'type': 'OperationDisplay'},
}
def __init__(
self,
*,
display: Optional["OperationDisplay"] = None,
**kwargs
):
super(Operation, self).__init__(**kwargs)
self.name = None
self.origin = None
self.display = display
[docs]class OperationDisplay(msrest.serialization.Model):
"""Security operation display.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar provider: The resource provider for the operation.
:vartype provider: str
:ivar resource: The display name of the resource the operation applies to.
:vartype resource: str
:ivar operation: The display name of the security operation.
:vartype operation: str
:ivar description: The description of the operation.
:vartype description: str
"""
_validation = {
'provider': {'readonly': True},
'resource': {'readonly': True},
'operation': {'readonly': True},
'description': {'readonly': True},
}
_attribute_map = {
'provider': {'key': 'provider', 'type': 'str'},
'resource': {'key': 'resource', 'type': 'str'},
'operation': {'key': 'operation', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(OperationDisplay, self).__init__(**kwargs)
self.provider = None
self.resource = None
self.operation = None
self.description = None
[docs]class OperationList(msrest.serialization.Model):
"""List of possible operations for Microsoft.Security resource provider.
Variables are only populated by the server, and will be ignored when sending a request.
:param value: List of Security operations.
:type value: list[~azure.mgmt.security.models.Operation]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[Operation]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: Optional[List["Operation"]] = None,
**kwargs
):
super(OperationList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class PathRecommendation(msrest.serialization.Model):
"""Represents a path that is recommended to be allowed and its properties.
:param path: The full path of the file, or an identifier of the application.
:type path: str
:param action: The recommendation action of the machine or rule. Possible values include:
"Recommended", "Add", "Remove".
:type action: str or ~azure.mgmt.security.models.RecommendationAction
:param type: The type of IoT Security recommendation. Possible values include:
"IoT_ACRAuthentication", "IoT_AgentSendsUnutilizedMessages", "IoT_Baseline",
"IoT_EdgeHubMemOptimize", "IoT_EdgeLoggingOptions", "IoT_InconsistentModuleSettings",
"IoT_InstallAgent", "IoT_IPFilter_DenyAll", "IoT_IPFilter_PermissiveRule", "IoT_OpenPorts",
"IoT_PermissiveFirewallPolicy", "IoT_PermissiveInputFirewallRules",
"IoT_PermissiveOutputFirewallRules", "IoT_PrivilegedDockerOptions", "IoT_SharedCredentials",
"IoT_VulnerableTLSCipherSuite".
:type type: str or ~azure.mgmt.security.models.RecommendationType
:param publisher_info: Represents the publisher information of a process/rule.
:type publisher_info: ~azure.mgmt.security.models.PublisherInfo
:param common: Whether the application is commonly run on the machine.
:type common: bool
:param user_sids:
:type user_sids: list[str]
:param usernames:
:type usernames: list[~azure.mgmt.security.models.UserRecommendation]
:param file_type: The type of the file (for Linux files - Executable is used). Possible values
include: "Exe", "Dll", "Msi", "Script", "Executable", "Unknown".
:type file_type: str or ~azure.mgmt.security.models.FileType
:param configuration_status: The configuration status of the machines group or machine or rule.
Possible values include: "Configured", "NotConfigured", "InProgress", "Failed", "NoStatus".
:type configuration_status: str or ~azure.mgmt.security.models.ConfigurationStatus
"""
_attribute_map = {
'path': {'key': 'path', 'type': 'str'},
'action': {'key': 'action', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'publisher_info': {'key': 'publisherInfo', 'type': 'PublisherInfo'},
'common': {'key': 'common', 'type': 'bool'},
'user_sids': {'key': 'userSids', 'type': '[str]'},
'usernames': {'key': 'usernames', 'type': '[UserRecommendation]'},
'file_type': {'key': 'fileType', 'type': 'str'},
'configuration_status': {'key': 'configurationStatus', 'type': 'str'},
}
def __init__(
self,
*,
path: Optional[str] = None,
action: Optional[Union[str, "RecommendationAction"]] = None,
type: Optional[Union[str, "RecommendationType"]] = None,
publisher_info: Optional["PublisherInfo"] = None,
common: Optional[bool] = None,
user_sids: Optional[List[str]] = None,
usernames: Optional[List["UserRecommendation"]] = None,
file_type: Optional[Union[str, "FileType"]] = None,
configuration_status: Optional[Union[str, "ConfigurationStatus"]] = None,
**kwargs
):
super(PathRecommendation, self).__init__(**kwargs)
self.path = path
self.action = action
self.type = type
self.publisher_info = publisher_info
self.common = common
self.user_sids = user_sids
self.usernames = usernames
self.file_type = file_type
self.configuration_status = configuration_status
[docs]class Pricing(Resource):
"""Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param pricing_tier: The pricing tier value. Azure Security Center is provided in two pricing
tiers: free and standard, with the standard tier available with a trial period. The standard
tier offers advanced security capabilities, while the free tier offers basic security features.
Possible values include: "Free", "Standard".
:type pricing_tier: str or ~azure.mgmt.security.models.PricingTier
:ivar free_trial_remaining_time: The duration left for the subscriptions free trial period - in
ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
:vartype free_trial_remaining_time: ~datetime.timedelta
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'free_trial_remaining_time': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'pricing_tier': {'key': 'properties.pricingTier', 'type': 'str'},
'free_trial_remaining_time': {'key': 'properties.freeTrialRemainingTime', 'type': 'duration'},
}
def __init__(
self,
*,
pricing_tier: Optional[Union[str, "PricingTier"]] = None,
**kwargs
):
super(Pricing, self).__init__(**kwargs)
self.pricing_tier = pricing_tier
self.free_trial_remaining_time = None
[docs]class PricingList(msrest.serialization.Model):
"""List of pricing configurations response.
All required parameters must be populated in order to send to Azure.
:param value: Required. List of pricing configurations.
:type value: list[~azure.mgmt.security.models.Pricing]
"""
_validation = {
'value': {'required': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[Pricing]'},
}
def __init__(
self,
*,
value: List["Pricing"],
**kwargs
):
super(PricingList, self).__init__(**kwargs)
self.value = value
[docs]class ProcessNotAllowed(AllowlistCustomAlertRule):
"""Execution of a process that isn't allowed. Allow list consists of process names to allow.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:ivar value_type: The value type of the items in the list. Possible values include: "IpCidr",
"String".
:vartype value_type: str or ~azure.mgmt.security.models.ValueType
:param allowlist_values: Required. The values to allow. The format of the values depends on the
rule type.
:type allowlist_values: list[str]
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'value_type': {'readonly': True},
'allowlist_values': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'value_type': {'key': 'valueType', 'type': 'str'},
'allowlist_values': {'key': 'allowlistValues', 'type': '[str]'},
}
def __init__(
self,
*,
is_enabled: bool,
allowlist_values: List[str],
**kwargs
):
super(ProcessNotAllowed, self).__init__(is_enabled=is_enabled, allowlist_values=allowlist_values, **kwargs)
self.rule_type = 'ProcessNotAllowed' # type: str
[docs]class ProtectionMode(msrest.serialization.Model):
"""The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux.
:param exe: The application control policy enforcement/protection mode of the machine group.
Possible values include: "Audit", "Enforce", "None".
:type exe: str or ~azure.mgmt.security.models.EnforcementMode
:param msi: The application control policy enforcement/protection mode of the machine group.
Possible values include: "Audit", "Enforce", "None".
:type msi: str or ~azure.mgmt.security.models.EnforcementMode
:param script: The application control policy enforcement/protection mode of the machine group.
Possible values include: "Audit", "Enforce", "None".
:type script: str or ~azure.mgmt.security.models.EnforcementMode
:param executable: The application control policy enforcement/protection mode of the machine
group. Possible values include: "Audit", "Enforce", "None".
:type executable: str or ~azure.mgmt.security.models.EnforcementMode
"""
_attribute_map = {
'exe': {'key': 'exe', 'type': 'str'},
'msi': {'key': 'msi', 'type': 'str'},
'script': {'key': 'script', 'type': 'str'},
'executable': {'key': 'executable', 'type': 'str'},
}
def __init__(
self,
*,
exe: Optional[Union[str, "EnforcementMode"]] = None,
msi: Optional[Union[str, "EnforcementMode"]] = None,
script: Optional[Union[str, "EnforcementMode"]] = None,
executable: Optional[Union[str, "EnforcementMode"]] = None,
**kwargs
):
super(ProtectionMode, self).__init__(**kwargs)
self.exe = exe
self.msi = msi
self.script = script
self.executable = executable
[docs]class ProxyServerProperties(msrest.serialization.Model):
"""For a non-Azure machine that is not connected directly to the internet, specify a proxy server that the non-Azure machine can use.
:param ip: Proxy server IP.
:type ip: str
:param port: Proxy server port.
:type port: str
"""
_attribute_map = {
'ip': {'key': 'ip', 'type': 'str'},
'port': {'key': 'port', 'type': 'str'},
}
def __init__(
self,
*,
ip: Optional[str] = None,
port: Optional[str] = None,
**kwargs
):
super(ProxyServerProperties, self).__init__(**kwargs)
self.ip = ip
self.port = port
[docs]class PublisherInfo(msrest.serialization.Model):
"""Represents the publisher information of a process/rule.
:param publisher_name: The Subject field of the x.509 certificate used to sign the code, using
the following fields - O = Organization, L = Locality, S = State or Province, and C = Country.
:type publisher_name: str
:param product_name: The product name taken from the file's version resource.
:type product_name: str
:param binary_name: The "OriginalName" field taken from the file's version resource.
:type binary_name: str
:param version: The binary file version taken from the file's version resource.
:type version: str
"""
_attribute_map = {
'publisher_name': {'key': 'publisherName', 'type': 'str'},
'product_name': {'key': 'productName', 'type': 'str'},
'binary_name': {'key': 'binaryName', 'type': 'str'},
'version': {'key': 'version', 'type': 'str'},
}
def __init__(
self,
*,
publisher_name: Optional[str] = None,
product_name: Optional[str] = None,
binary_name: Optional[str] = None,
version: Optional[str] = None,
**kwargs
):
super(PublisherInfo, self).__init__(**kwargs)
self.publisher_name = publisher_name
self.product_name = product_name
self.binary_name = binary_name
self.version = version
[docs]class QueryCheck(msrest.serialization.Model):
"""The rule query details.
:param query: The rule query.
:type query: str
:param expected_result: Expected result.
:type expected_result: list[list[str]]
:param column_names: Column names of expected result.
:type column_names: list[str]
"""
_attribute_map = {
'query': {'key': 'query', 'type': 'str'},
'expected_result': {'key': 'expectedResult', 'type': '[[str]]'},
'column_names': {'key': 'columnNames', 'type': '[str]'},
}
def __init__(
self,
*,
query: Optional[str] = None,
expected_result: Optional[List[List[str]]] = None,
column_names: Optional[List[str]] = None,
**kwargs
):
super(QueryCheck, self).__init__(**kwargs)
self.query = query
self.expected_result = expected_result
self.column_names = column_names
[docs]class QueuePurgesNotInAllowedRange(TimeWindowCustomAlertRule):
"""Number of device queue purges is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(QueuePurgesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs)
self.rule_type = 'QueuePurgesNotInAllowedRange' # type: str
[docs]class RecommendationConfigurationProperties(msrest.serialization.Model):
"""The type of IoT Security recommendation.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param recommendation_type: Required. The type of IoT Security recommendation. Possible values
include: "IoT_ACRAuthentication", "IoT_AgentSendsUnutilizedMessages", "IoT_Baseline",
"IoT_EdgeHubMemOptimize", "IoT_EdgeLoggingOptions", "IoT_InconsistentModuleSettings",
"IoT_InstallAgent", "IoT_IPFilter_DenyAll", "IoT_IPFilter_PermissiveRule", "IoT_OpenPorts",
"IoT_PermissiveFirewallPolicy", "IoT_PermissiveInputFirewallRules",
"IoT_PermissiveOutputFirewallRules", "IoT_PrivilegedDockerOptions", "IoT_SharedCredentials",
"IoT_VulnerableTLSCipherSuite".
:type recommendation_type: str or ~azure.mgmt.security.models.RecommendationType
:ivar name:
:vartype name: str
:param status: Required. Recommendation status. When the recommendation status is disabled
recommendations are not generated. Possible values include: "Disabled", "Enabled". Default
value: "Enabled".
:type status: str or ~azure.mgmt.security.models.RecommendationConfigStatus
"""
_validation = {
'recommendation_type': {'required': True},
'name': {'readonly': True},
'status': {'required': True},
}
_attribute_map = {
'recommendation_type': {'key': 'recommendationType', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'status': {'key': 'status', 'type': 'str'},
}
def __init__(
self,
*,
recommendation_type: Union[str, "RecommendationType"],
status: Union[str, "RecommendationConfigStatus"] = "Enabled",
**kwargs
):
super(RecommendationConfigurationProperties, self).__init__(**kwargs)
self.recommendation_type = recommendation_type
self.name = None
self.status = status
[docs]class RegulatoryComplianceAssessment(Resource):
"""Regulatory compliance assessment details and state.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:ivar description: The description of the regulatory compliance assessment.
:vartype description: str
:ivar assessment_type: The expected type of assessment contained in the AssessmentDetailsLink.
:vartype assessment_type: str
:ivar assessment_details_link: Link to more detailed assessment results data. The response type
will be according to the assessmentType field.
:vartype assessment_details_link: str
:param state: Aggregative state based on the assessment's scanned resources states. Possible
values include: "Passed", "Failed", "Skipped", "Unsupported".
:type state: str or ~azure.mgmt.security.models.State
:ivar passed_resources: The given assessment's related resources count with passed state.
:vartype passed_resources: int
:ivar failed_resources: The given assessment's related resources count with failed state.
:vartype failed_resources: int
:ivar skipped_resources: The given assessment's related resources count with skipped state.
:vartype skipped_resources: int
:ivar unsupported_resources: The given assessment's related resources count with unsupported
state.
:vartype unsupported_resources: int
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'description': {'readonly': True},
'assessment_type': {'readonly': True},
'assessment_details_link': {'readonly': True},
'passed_resources': {'readonly': True},
'failed_resources': {'readonly': True},
'skipped_resources': {'readonly': True},
'unsupported_resources': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'description': {'key': 'properties.description', 'type': 'str'},
'assessment_type': {'key': 'properties.assessmentType', 'type': 'str'},
'assessment_details_link': {'key': 'properties.assessmentDetailsLink', 'type': 'str'},
'state': {'key': 'properties.state', 'type': 'str'},
'passed_resources': {'key': 'properties.passedResources', 'type': 'int'},
'failed_resources': {'key': 'properties.failedResources', 'type': 'int'},
'skipped_resources': {'key': 'properties.skippedResources', 'type': 'int'},
'unsupported_resources': {'key': 'properties.unsupportedResources', 'type': 'int'},
}
def __init__(
self,
*,
state: Optional[Union[str, "State"]] = None,
**kwargs
):
super(RegulatoryComplianceAssessment, self).__init__(**kwargs)
self.description = None
self.assessment_type = None
self.assessment_details_link = None
self.state = state
self.passed_resources = None
self.failed_resources = None
self.skipped_resources = None
self.unsupported_resources = None
[docs]class RegulatoryComplianceAssessmentList(msrest.serialization.Model):
"""List of regulatory compliance assessment response.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param value: Required.
:type value: list[~azure.mgmt.security.models.RegulatoryComplianceAssessment]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'required': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[RegulatoryComplianceAssessment]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: List["RegulatoryComplianceAssessment"],
**kwargs
):
super(RegulatoryComplianceAssessmentList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class RegulatoryComplianceControl(Resource):
"""Regulatory compliance control details and state.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:ivar description: The description of the regulatory compliance control.
:vartype description: str
:param state: Aggregative state based on the control's supported assessments states. Possible
values include: "Passed", "Failed", "Skipped", "Unsupported".
:type state: str or ~azure.mgmt.security.models.State
:ivar passed_assessments: The number of supported regulatory compliance assessments of the
given control with a passed state.
:vartype passed_assessments: int
:ivar failed_assessments: The number of supported regulatory compliance assessments of the
given control with a failed state.
:vartype failed_assessments: int
:ivar skipped_assessments: The number of supported regulatory compliance assessments of the
given control with a skipped state.
:vartype skipped_assessments: int
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'description': {'readonly': True},
'passed_assessments': {'readonly': True},
'failed_assessments': {'readonly': True},
'skipped_assessments': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'description': {'key': 'properties.description', 'type': 'str'},
'state': {'key': 'properties.state', 'type': 'str'},
'passed_assessments': {'key': 'properties.passedAssessments', 'type': 'int'},
'failed_assessments': {'key': 'properties.failedAssessments', 'type': 'int'},
'skipped_assessments': {'key': 'properties.skippedAssessments', 'type': 'int'},
}
def __init__(
self,
*,
state: Optional[Union[str, "State"]] = None,
**kwargs
):
super(RegulatoryComplianceControl, self).__init__(**kwargs)
self.description = None
self.state = state
self.passed_assessments = None
self.failed_assessments = None
self.skipped_assessments = None
[docs]class RegulatoryComplianceControlList(msrest.serialization.Model):
"""List of regulatory compliance controls response.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param value: Required. List of regulatory compliance controls.
:type value: list[~azure.mgmt.security.models.RegulatoryComplianceControl]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'required': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[RegulatoryComplianceControl]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: List["RegulatoryComplianceControl"],
**kwargs
):
super(RegulatoryComplianceControlList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class RegulatoryComplianceStandard(Resource):
"""Regulatory compliance standard details and state.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param state: Aggregative state based on the standard's supported controls states. Possible
values include: "Passed", "Failed", "Skipped", "Unsupported".
:type state: str or ~azure.mgmt.security.models.State
:ivar passed_controls: The number of supported regulatory compliance controls of the given
standard with a passed state.
:vartype passed_controls: int
:ivar failed_controls: The number of supported regulatory compliance controls of the given
standard with a failed state.
:vartype failed_controls: int
:ivar skipped_controls: The number of supported regulatory compliance controls of the given
standard with a skipped state.
:vartype skipped_controls: int
:ivar unsupported_controls: The number of regulatory compliance controls of the given standard
which are unsupported by automated assessments.
:vartype unsupported_controls: int
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'passed_controls': {'readonly': True},
'failed_controls': {'readonly': True},
'skipped_controls': {'readonly': True},
'unsupported_controls': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'state': {'key': 'properties.state', 'type': 'str'},
'passed_controls': {'key': 'properties.passedControls', 'type': 'int'},
'failed_controls': {'key': 'properties.failedControls', 'type': 'int'},
'skipped_controls': {'key': 'properties.skippedControls', 'type': 'int'},
'unsupported_controls': {'key': 'properties.unsupportedControls', 'type': 'int'},
}
def __init__(
self,
*,
state: Optional[Union[str, "State"]] = None,
**kwargs
):
super(RegulatoryComplianceStandard, self).__init__(**kwargs)
self.state = state
self.passed_controls = None
self.failed_controls = None
self.skipped_controls = None
self.unsupported_controls = None
[docs]class RegulatoryComplianceStandardList(msrest.serialization.Model):
"""List of regulatory compliance standards response.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param value: Required.
:type value: list[~azure.mgmt.security.models.RegulatoryComplianceStandard]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'required': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[RegulatoryComplianceStandard]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: List["RegulatoryComplianceStandard"],
**kwargs
):
super(RegulatoryComplianceStandardList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class Rule(msrest.serialization.Model):
"""Describes remote addresses that is recommended to communicate with the Azure resource on some (Protocol, Port, Direction). All other remote addresses are recommended to be blocked.
:param name: The name of the rule.
:type name: str
:param direction: The rule's direction. Possible values include: "Inbound", "Outbound".
:type direction: str or ~azure.mgmt.security.models.Direction
:param destination_port: The rule's destination port.
:type destination_port: int
:param protocols: The rule's transport protocols.
:type protocols: list[str or ~azure.mgmt.security.models.TransportProtocol]
:param ip_addresses: The remote IP addresses that should be able to communicate with the Azure
resource on the rule's destination port and protocol.
:type ip_addresses: list[str]
"""
_validation = {
'destination_port': {'maximum': 65535, 'minimum': 0},
}
_attribute_map = {
'name': {'key': 'name', 'type': 'str'},
'direction': {'key': 'direction', 'type': 'str'},
'destination_port': {'key': 'destinationPort', 'type': 'int'},
'protocols': {'key': 'protocols', 'type': '[str]'},
'ip_addresses': {'key': 'ipAddresses', 'type': '[str]'},
}
def __init__(
self,
*,
name: Optional[str] = None,
direction: Optional[Union[str, "Direction"]] = None,
destination_port: Optional[int] = None,
protocols: Optional[List[Union[str, "TransportProtocol"]]] = None,
ip_addresses: Optional[List[str]] = None,
**kwargs
):
super(Rule, self).__init__(**kwargs)
self.name = name
self.direction = direction
self.destination_port = destination_port
self.protocols = protocols
self.ip_addresses = ip_addresses
[docs]class RuleResults(Resource):
"""Rule results.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param properties: Rule results properties.
:type properties: ~azure.mgmt.security.models.RuleResultsProperties
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'properties': {'key': 'properties', 'type': 'RuleResultsProperties'},
}
def __init__(
self,
*,
properties: Optional["RuleResultsProperties"] = None,
**kwargs
):
super(RuleResults, self).__init__(**kwargs)
self.properties = properties
[docs]class RuleResultsProperties(msrest.serialization.Model):
"""Rule results properties.
:param results: Expected results in the baseline.
:type results: list[list[str]]
"""
_attribute_map = {
'results': {'key': 'results', 'type': '[[str]]'},
}
def __init__(
self,
*,
results: Optional[List[List[str]]] = None,
**kwargs
):
super(RuleResultsProperties, self).__init__(**kwargs)
self.results = results
[docs]class RulesResults(msrest.serialization.Model):
"""A list of rules results.
:param value: List of rule results.
:type value: list[~azure.mgmt.security.models.RuleResults]
"""
_attribute_map = {
'value': {'key': 'value', 'type': '[RuleResults]'},
}
def __init__(
self,
*,
value: Optional[List["RuleResults"]] = None,
**kwargs
):
super(RulesResults, self).__init__(**kwargs)
self.value = value
[docs]class Scan(Resource):
"""A vulnerability assessment scan record.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param properties: A vulnerability assessment scan record properties.
:type properties: ~azure.mgmt.security.models.ScanProperties
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'properties': {'key': 'properties', 'type': 'ScanProperties'},
}
def __init__(
self,
*,
properties: Optional["ScanProperties"] = None,
**kwargs
):
super(Scan, self).__init__(**kwargs)
self.properties = properties
[docs]class ScanProperties(msrest.serialization.Model):
"""A vulnerability assessment scan record properties.
:param trigger_type: The scan trigger type. Possible values include: "OnDemand", "Recurring".
:type trigger_type: str or ~azure.mgmt.security.models.ScanTriggerType
:param state: The scan status. Possible values include: "Failed", "FailedToRun", "InProgress",
"Passed".
:type state: str or ~azure.mgmt.security.models.ScanState
:param server: The server name.
:type server: str
:param database: The database name.
:type database: str
:param sql_version: The SQL version.
:type sql_version: str
:param start_time: The scan start time (UTC).
:type start_time: ~datetime.datetime
:param end_time: Scan results are valid until end time (UTC).
:type end_time: ~datetime.datetime
:param high_severity_failed_rules_count: The number of failed rules with high severity.
:type high_severity_failed_rules_count: int
:param medium_severity_failed_rules_count: The number of failed rules with medium severity.
:type medium_severity_failed_rules_count: int
:param low_severity_failed_rules_count: The number of failed rules with low severity.
:type low_severity_failed_rules_count: int
:param total_passed_rules_count: The number of total passed rules.
:type total_passed_rules_count: int
:param total_failed_rules_count: The number of total failed rules.
:type total_failed_rules_count: int
:param total_rules_count: The number of total rules assessed.
:type total_rules_count: int
:param is_baseline_applied: Baseline created for this database, and has one or more rules.
:type is_baseline_applied: bool
"""
_attribute_map = {
'trigger_type': {'key': 'triggerType', 'type': 'str'},
'state': {'key': 'state', 'type': 'str'},
'server': {'key': 'server', 'type': 'str'},
'database': {'key': 'database', 'type': 'str'},
'sql_version': {'key': 'sqlVersion', 'type': 'str'},
'start_time': {'key': 'startTime', 'type': 'iso-8601'},
'end_time': {'key': 'endTime', 'type': 'iso-8601'},
'high_severity_failed_rules_count': {'key': 'highSeverityFailedRulesCount', 'type': 'int'},
'medium_severity_failed_rules_count': {'key': 'mediumSeverityFailedRulesCount', 'type': 'int'},
'low_severity_failed_rules_count': {'key': 'lowSeverityFailedRulesCount', 'type': 'int'},
'total_passed_rules_count': {'key': 'totalPassedRulesCount', 'type': 'int'},
'total_failed_rules_count': {'key': 'totalFailedRulesCount', 'type': 'int'},
'total_rules_count': {'key': 'totalRulesCount', 'type': 'int'},
'is_baseline_applied': {'key': 'isBaselineApplied', 'type': 'bool'},
}
def __init__(
self,
*,
trigger_type: Optional[Union[str, "ScanTriggerType"]] = None,
state: Optional[Union[str, "ScanState"]] = None,
server: Optional[str] = None,
database: Optional[str] = None,
sql_version: Optional[str] = None,
start_time: Optional[datetime.datetime] = None,
end_time: Optional[datetime.datetime] = None,
high_severity_failed_rules_count: Optional[int] = None,
medium_severity_failed_rules_count: Optional[int] = None,
low_severity_failed_rules_count: Optional[int] = None,
total_passed_rules_count: Optional[int] = None,
total_failed_rules_count: Optional[int] = None,
total_rules_count: Optional[int] = None,
is_baseline_applied: Optional[bool] = None,
**kwargs
):
super(ScanProperties, self).__init__(**kwargs)
self.trigger_type = trigger_type
self.state = state
self.server = server
self.database = database
self.sql_version = sql_version
self.start_time = start_time
self.end_time = end_time
self.high_severity_failed_rules_count = high_severity_failed_rules_count
self.medium_severity_failed_rules_count = medium_severity_failed_rules_count
self.low_severity_failed_rules_count = low_severity_failed_rules_count
self.total_passed_rules_count = total_passed_rules_count
self.total_failed_rules_count = total_failed_rules_count
self.total_rules_count = total_rules_count
self.is_baseline_applied = is_baseline_applied
[docs]class ScanResult(Resource):
"""A vulnerability assessment scan result for a single rule.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param properties: A vulnerability assessment scan result properties for a single rule.
:type properties: ~azure.mgmt.security.models.ScanResultProperties
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'properties': {'key': 'properties', 'type': 'ScanResultProperties'},
}
def __init__(
self,
*,
properties: Optional["ScanResultProperties"] = None,
**kwargs
):
super(ScanResult, self).__init__(**kwargs)
self.properties = properties
[docs]class ScanResultProperties(msrest.serialization.Model):
"""A vulnerability assessment scan result properties for a single rule.
:param rule_id: The rule Id.
:type rule_id: str
:param status: The rule result status. Possible values include: "NonFinding", "Finding",
"InternalError".
:type status: str or ~azure.mgmt.security.models.RuleStatus
:param is_trimmed: Indicated whether the results specified here are trimmed.
:type is_trimmed: bool
:param query_results: The results of the query that was run.
:type query_results: list[list[str]]
:param remediation: Remediation details.
:type remediation: ~azure.mgmt.security.models.Remediation
:param baseline_adjusted_result: The rule result adjusted with baseline.
:type baseline_adjusted_result: ~azure.mgmt.security.models.BaselineAdjustedResult
:param rule_metadata: vulnerability assessment rule metadata details.
:type rule_metadata: ~azure.mgmt.security.models.VaRule
"""
_attribute_map = {
'rule_id': {'key': 'ruleId', 'type': 'str'},
'status': {'key': 'status', 'type': 'str'},
'is_trimmed': {'key': 'isTrimmed', 'type': 'bool'},
'query_results': {'key': 'queryResults', 'type': '[[str]]'},
'remediation': {'key': 'remediation', 'type': 'Remediation'},
'baseline_adjusted_result': {'key': 'baselineAdjustedResult', 'type': 'BaselineAdjustedResult'},
'rule_metadata': {'key': 'ruleMetadata', 'type': 'VaRule'},
}
def __init__(
self,
*,
rule_id: Optional[str] = None,
status: Optional[Union[str, "RuleStatus"]] = None,
is_trimmed: Optional[bool] = None,
query_results: Optional[List[List[str]]] = None,
remediation: Optional["Remediation"] = None,
baseline_adjusted_result: Optional["BaselineAdjustedResult"] = None,
rule_metadata: Optional["VaRule"] = None,
**kwargs
):
super(ScanResultProperties, self).__init__(**kwargs)
self.rule_id = rule_id
self.status = status
self.is_trimmed = is_trimmed
self.query_results = query_results
self.remediation = remediation
self.baseline_adjusted_result = baseline_adjusted_result
self.rule_metadata = rule_metadata
[docs]class ScanResults(msrest.serialization.Model):
"""A list of vulnerability assessment scan results.
:param value: List of vulnerability assessment scan results.
:type value: list[~azure.mgmt.security.models.ScanResult]
"""
_attribute_map = {
'value': {'key': 'value', 'type': '[ScanResult]'},
}
def __init__(
self,
*,
value: Optional[List["ScanResult"]] = None,
**kwargs
):
super(ScanResults, self).__init__(**kwargs)
self.value = value
[docs]class Scans(msrest.serialization.Model):
"""A list of vulnerability assessment scan records.
:param value: List of vulnerability assessment scan records.
:type value: list[~azure.mgmt.security.models.Scan]
"""
_attribute_map = {
'value': {'key': 'value', 'type': '[Scan]'},
}
def __init__(
self,
*,
value: Optional[List["Scan"]] = None,
**kwargs
):
super(Scans, self).__init__(**kwargs)
self.value = value
[docs]class ScopeElement(msrest.serialization.Model):
"""A more specific scope used to identify the alerts to suppress.
:param additional_properties: Unmatched properties from the message are deserialized to this
collection.
:type additional_properties: dict[str, any]
:param field: The alert entity type to suppress by.
:type field: str
"""
_attribute_map = {
'additional_properties': {'key': '', 'type': '{object}'},
'field': {'key': 'field', 'type': 'str'},
}
def __init__(
self,
*,
additional_properties: Optional[Dict[str, Any]] = None,
field: Optional[str] = None,
**kwargs
):
super(ScopeElement, self).__init__(**kwargs)
self.additional_properties = additional_properties
self.field = field
[docs]class SecureScoreControlDefinitionItem(Resource):
"""Information about the security control.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:ivar display_name: User friendly display name of the control.
:vartype display_name: str
:ivar description: User friendly description of the control.
:vartype description: str
:ivar max_score: Maximum control score (0..10).
:vartype max_score: int
:ivar source: Source object from which the control was created.
:vartype source: ~azure.mgmt.security.models.SecureScoreControlDefinitionSource
:ivar assessment_definitions: Array of assessments metadata IDs that are included in this
security control.
:vartype assessment_definitions: list[~azure.mgmt.security.models.AzureResourceLink]
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'display_name': {'readonly': True},
'description': {'readonly': True, 'max_length': 256, 'min_length': 0},
'max_score': {'readonly': True, 'maximum': 10, 'minimum': 0},
'source': {'readonly': True},
'assessment_definitions': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'display_name': {'key': 'properties.displayName', 'type': 'str'},
'description': {'key': 'properties.description', 'type': 'str'},
'max_score': {'key': 'properties.maxScore', 'type': 'int'},
'source': {'key': 'properties.source', 'type': 'SecureScoreControlDefinitionSource'},
'assessment_definitions': {'key': 'properties.assessmentDefinitions', 'type': '[AzureResourceLink]'},
}
def __init__(
self,
**kwargs
):
super(SecureScoreControlDefinitionItem, self).__init__(**kwargs)
self.display_name = None
self.description = None
self.max_score = None
self.source = None
self.assessment_definitions = None
[docs]class SecureScoreControlDefinitionList(msrest.serialization.Model):
"""List of security controls definition.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar value: Collection of security controls definition in this page.
:vartype value: list[~azure.mgmt.security.models.SecureScoreControlDefinitionItem]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'readonly': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[SecureScoreControlDefinitionItem]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(SecureScoreControlDefinitionList, self).__init__(**kwargs)
self.value = None
self.next_link = None
[docs]class SecureScoreControlDefinitionSource(msrest.serialization.Model):
"""The type of the security control (For example, BuiltIn).
:param source_type: The type of security control (for example, BuiltIn). Possible values
include: "BuiltIn", "Custom".
:type source_type: str or ~azure.mgmt.security.models.ControlType
"""
_attribute_map = {
'source_type': {'key': 'sourceType', 'type': 'str'},
}
def __init__(
self,
*,
source_type: Optional[Union[str, "ControlType"]] = None,
**kwargs
):
super(SecureScoreControlDefinitionSource, self).__init__(**kwargs)
self.source_type = source_type
[docs]class SecureScoreControlDetails(Resource):
"""Details of the security control, its score, and the health status of the relevant resources.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:ivar display_name: User friendly display name of the control.
:vartype display_name: str
:ivar healthy_resource_count: Number of healthy resources in the control.
:vartype healthy_resource_count: int
:ivar unhealthy_resource_count: Number of unhealthy resources in the control.
:vartype unhealthy_resource_count: int
:ivar not_applicable_resource_count: Number of not applicable resources in the control.
:vartype not_applicable_resource_count: int
:ivar weight: The relative weight for this specific control in each of your subscriptions. Used
when calculating an aggregated score for this control across all of your subscriptions.
:vartype weight: long
:param definition: Information about the security control.
:type definition: ~azure.mgmt.security.models.SecureScoreControlDefinitionItem
:ivar max: Maximum score available.
:vartype max: int
:ivar current: Current score.
:vartype current: float
:ivar percentage: Ratio of the current score divided by the maximum. Rounded to 4 digits after
the decimal point.
:vartype percentage: float
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'display_name': {'readonly': True},
'healthy_resource_count': {'readonly': True},
'unhealthy_resource_count': {'readonly': True},
'not_applicable_resource_count': {'readonly': True},
'weight': {'readonly': True, 'minimum': 0},
'max': {'readonly': True, 'minimum': 0},
'current': {'readonly': True, 'minimum': 0},
'percentage': {'readonly': True, 'maximum': 1, 'minimum': 0},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'display_name': {'key': 'properties.displayName', 'type': 'str'},
'healthy_resource_count': {'key': 'properties.healthyResourceCount', 'type': 'int'},
'unhealthy_resource_count': {'key': 'properties.unhealthyResourceCount', 'type': 'int'},
'not_applicable_resource_count': {'key': 'properties.notApplicableResourceCount', 'type': 'int'},
'weight': {'key': 'properties.weight', 'type': 'long'},
'definition': {'key': 'properties.definition', 'type': 'SecureScoreControlDefinitionItem'},
'max': {'key': 'properties.score.max', 'type': 'int'},
'current': {'key': 'properties.score.current', 'type': 'float'},
'percentage': {'key': 'properties.score.percentage', 'type': 'float'},
}
def __init__(
self,
*,
definition: Optional["SecureScoreControlDefinitionItem"] = None,
**kwargs
):
super(SecureScoreControlDetails, self).__init__(**kwargs)
self.display_name = None
self.healthy_resource_count = None
self.unhealthy_resource_count = None
self.not_applicable_resource_count = None
self.weight = None
self.definition = definition
self.max = None
self.current = None
self.percentage = None
[docs]class SecureScoreControlList(msrest.serialization.Model):
"""List of security controls.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar value: Collection of security controls in this page.
:vartype value: list[~azure.mgmt.security.models.SecureScoreControlDetails]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'readonly': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[SecureScoreControlDetails]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(SecureScoreControlList, self).__init__(**kwargs)
self.value = None
self.next_link = None
[docs]class SecureScoreControlScore(msrest.serialization.Model):
"""Calculation result data.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar max: Maximum control score (0..10).
:vartype max: int
:ivar current: Actual score for the control = (achieved points / total points) * max score. if
total points is zeroed, the return number is 0.00.
:vartype current: float
:ivar percentage: Ratio of the current score divided by the maximum. Rounded to 4 digits after
the decimal point.
:vartype percentage: float
"""
_validation = {
'max': {'readonly': True, 'maximum': 10, 'minimum': 0},
'current': {'readonly': True, 'maximum': 10, 'minimum': 0},
'percentage': {'readonly': True, 'maximum': 1, 'minimum': 0},
}
_attribute_map = {
'max': {'key': 'max', 'type': 'int'},
'current': {'key': 'current', 'type': 'float'},
'percentage': {'key': 'percentage', 'type': 'float'},
}
def __init__(
self,
**kwargs
):
super(SecureScoreControlScore, self).__init__(**kwargs)
self.max = None
self.current = None
self.percentage = None
[docs]class SecureScoreItem(Resource):
"""Secure score item data model.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:ivar display_name: The initiative’s name.
:vartype display_name: str
:ivar weight: The relative weight for each subscription. Used when calculating an aggregated
secure score for multiple subscriptions.
:vartype weight: long
:ivar max: Maximum score available.
:vartype max: int
:ivar current: Current score.
:vartype current: float
:ivar percentage: Ratio of the current score divided by the maximum. Rounded to 4 digits after
the decimal point.
:vartype percentage: float
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'display_name': {'readonly': True},
'weight': {'readonly': True, 'minimum': 0},
'max': {'readonly': True, 'minimum': 0},
'current': {'readonly': True, 'minimum': 0},
'percentage': {'readonly': True, 'maximum': 1, 'minimum': 0},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'display_name': {'key': 'properties.displayName', 'type': 'str'},
'weight': {'key': 'properties.weight', 'type': 'long'},
'max': {'key': 'properties.score.max', 'type': 'int'},
'current': {'key': 'properties.score.current', 'type': 'float'},
'percentage': {'key': 'properties.score.percentage', 'type': 'float'},
}
def __init__(
self,
**kwargs
):
super(SecureScoreItem, self).__init__(**kwargs)
self.display_name = None
self.weight = None
self.max = None
self.current = None
self.percentage = None
[docs]class SecureScoresList(msrest.serialization.Model):
"""List of secure scores.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar value: Collection of secure scores in this page.
:vartype value: list[~azure.mgmt.security.models.SecureScoreItem]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'readonly': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[SecureScoreItem]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(SecureScoresList, self).__init__(**kwargs)
self.value = None
self.next_link = None
[docs]class SecurityAssessment(Resource):
"""Security assessment on a resource.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param resource_details: Details of the resource that was assessed.
:type resource_details: ~azure.mgmt.security.models.ResourceDetails
:ivar display_name: User friendly display name of the assessment.
:vartype display_name: str
:param status: The result of the assessment.
:type status: ~azure.mgmt.security.models.AssessmentStatus
:param additional_data: Additional data regarding the assessment.
:type additional_data: dict[str, str]
:ivar links: Links relevant to the assessment.
:vartype links: ~azure.mgmt.security.models.AssessmentLinks
:param metadata: Describes properties of an assessment metadata.
:type metadata: ~azure.mgmt.security.models.SecurityAssessmentMetadataProperties
:param partners_data: Data regarding 3rd party partner integration.
:type partners_data: ~azure.mgmt.security.models.SecurityAssessmentPartnerData
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'display_name': {'readonly': True},
'links': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'resource_details': {'key': 'properties.resourceDetails', 'type': 'ResourceDetails'},
'display_name': {'key': 'properties.displayName', 'type': 'str'},
'status': {'key': 'properties.status', 'type': 'AssessmentStatus'},
'additional_data': {'key': 'properties.additionalData', 'type': '{str}'},
'links': {'key': 'properties.links', 'type': 'AssessmentLinks'},
'metadata': {'key': 'properties.metadata', 'type': 'SecurityAssessmentMetadataProperties'},
'partners_data': {'key': 'properties.partnersData', 'type': 'SecurityAssessmentPartnerData'},
}
def __init__(
self,
*,
resource_details: Optional["ResourceDetails"] = None,
status: Optional["AssessmentStatus"] = None,
additional_data: Optional[Dict[str, str]] = None,
metadata: Optional["SecurityAssessmentMetadataProperties"] = None,
partners_data: Optional["SecurityAssessmentPartnerData"] = None,
**kwargs
):
super(SecurityAssessment, self).__init__(**kwargs)
self.resource_details = resource_details
self.display_name = None
self.status = status
self.additional_data = additional_data
self.links = None
self.metadata = metadata
self.partners_data = partners_data
[docs]class SecurityAssessmentList(msrest.serialization.Model):
"""Page of a security assessments list.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar value: Collection of security assessments in this page.
:vartype value: list[~azure.mgmt.security.models.SecurityAssessment]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'readonly': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[SecurityAssessment]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(SecurityAssessmentList, self).__init__(**kwargs)
self.value = None
self.next_link = None
[docs]class SecurityAssessmentPartnerData(msrest.serialization.Model):
"""Data regarding 3rd party partner integration.
All required parameters must be populated in order to send to Azure.
:param partner_name: Required. Name of the company of the partner.
:type partner_name: str
:param secret: Required. secret to authenticate the partner - write only.
:type secret: str
"""
_validation = {
'partner_name': {'required': True},
'secret': {'required': True},
}
_attribute_map = {
'partner_name': {'key': 'partnerName', 'type': 'str'},
'secret': {'key': 'secret', 'type': 'str'},
}
def __init__(
self,
*,
partner_name: str,
secret: str,
**kwargs
):
super(SecurityAssessmentPartnerData, self).__init__(**kwargs)
self.partner_name = partner_name
self.secret = secret
[docs]class SecuritySolution(Resource, Location):
"""SecuritySolution.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar location: Location where the resource is stored.
:vartype location: str
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param security_family: The security family of the security solution. Possible values include:
"Waf", "Ngfw", "SaasWaf", "Va".
:type security_family: str or ~azure.mgmt.security.models.SecurityFamily
:param provisioning_state: The security family provisioning State. Possible values include:
"Succeeded", "Failed", "Updating".
:type provisioning_state: str or ~azure.mgmt.security.models.ProvisioningState
:param template: The security solutions' template.
:type template: str
:param protection_status: The security solutions' status.
:type protection_status: str
"""
_validation = {
'location': {'readonly': True},
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'location': {'key': 'location', 'type': 'str'},
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'security_family': {'key': 'properties.securityFamily', 'type': 'str'},
'provisioning_state': {'key': 'properties.provisioningState', 'type': 'str'},
'template': {'key': 'properties.template', 'type': 'str'},
'protection_status': {'key': 'properties.protectionStatus', 'type': 'str'},
}
def __init__(
self,
*,
security_family: Optional[Union[str, "SecurityFamily"]] = None,
provisioning_state: Optional[Union[str, "ProvisioningState"]] = None,
template: Optional[str] = None,
protection_status: Optional[str] = None,
**kwargs
):
super(SecuritySolution, self).__init__(**kwargs)
self.location = None
self.security_family = security_family
self.provisioning_state = provisioning_state
self.template = template
self.protection_status = protection_status
self.id = None
self.name = None
self.type = None
self.security_family = security_family
self.provisioning_state = provisioning_state
self.template = template
self.protection_status = protection_status
[docs]class SecuritySolutionList(msrest.serialization.Model):
"""SecuritySolutionList.
Variables are only populated by the server, and will be ignored when sending a request.
:param value:
:type value: list[~azure.mgmt.security.models.SecuritySolution]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[SecuritySolution]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: Optional[List["SecuritySolution"]] = None,
**kwargs
):
super(SecuritySolutionList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class SecuritySolutionsReferenceData(Resource, Location):
"""SecuritySolutionsReferenceData.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar location: Location where the resource is stored.
:vartype location: str
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param security_family: Required. The security family of the security solution. Possible values
include: "Waf", "Ngfw", "SaasWaf", "Va".
:type security_family: str or ~azure.mgmt.security.models.SecurityFamily
:param alert_vendor_name: Required. The security solutions' vendor name.
:type alert_vendor_name: str
:param package_info_url: Required. The security solutions' package info url.
:type package_info_url: str
:param product_name: Required. The security solutions' product name.
:type product_name: str
:param publisher: Required. The security solutions' publisher.
:type publisher: str
:param publisher_display_name: Required. The security solutions' publisher display name.
:type publisher_display_name: str
:param template: Required. The security solutions' template.
:type template: str
"""
_validation = {
'location': {'readonly': True},
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'security_family': {'required': True},
'alert_vendor_name': {'required': True},
'package_info_url': {'required': True},
'product_name': {'required': True},
'publisher': {'required': True},
'publisher_display_name': {'required': True},
'template': {'required': True},
}
_attribute_map = {
'location': {'key': 'location', 'type': 'str'},
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'security_family': {'key': 'properties.securityFamily', 'type': 'str'},
'alert_vendor_name': {'key': 'properties.alertVendorName', 'type': 'str'},
'package_info_url': {'key': 'properties.packageInfoUrl', 'type': 'str'},
'product_name': {'key': 'properties.productName', 'type': 'str'},
'publisher': {'key': 'properties.publisher', 'type': 'str'},
'publisher_display_name': {'key': 'properties.publisherDisplayName', 'type': 'str'},
'template': {'key': 'properties.template', 'type': 'str'},
}
def __init__(
self,
*,
security_family: Union[str, "SecurityFamily"],
alert_vendor_name: str,
package_info_url: str,
product_name: str,
publisher: str,
publisher_display_name: str,
template: str,
**kwargs
):
super(SecuritySolutionsReferenceData, self).__init__(**kwargs)
self.location = None
self.security_family = security_family
self.alert_vendor_name = alert_vendor_name
self.package_info_url = package_info_url
self.product_name = product_name
self.publisher = publisher
self.publisher_display_name = publisher_display_name
self.template = template
self.id = None
self.name = None
self.type = None
self.security_family = security_family
self.alert_vendor_name = alert_vendor_name
self.package_info_url = package_info_url
self.product_name = product_name
self.publisher = publisher
self.publisher_display_name = publisher_display_name
self.template = template
[docs]class SecuritySolutionsReferenceDataList(msrest.serialization.Model):
"""SecuritySolutionsReferenceDataList.
:param value:
:type value: list[~azure.mgmt.security.models.SecuritySolutionsReferenceData]
"""
_attribute_map = {
'value': {'key': 'value', 'type': '[SecuritySolutionsReferenceData]'},
}
def __init__(
self,
*,
value: Optional[List["SecuritySolutionsReferenceData"]] = None,
**kwargs
):
super(SecuritySolutionsReferenceDataList, self).__init__(**kwargs)
self.value = value
[docs]class SecuritySubAssessment(Resource):
"""Security sub-assessment on a resource.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:ivar id_properties_id: Vulnerability ID.
:vartype id_properties_id: str
:ivar display_name: User friendly display name of the sub-assessment.
:vartype display_name: str
:param status: Status of the sub-assessment.
:type status: ~azure.mgmt.security.models.SubAssessmentStatus
:ivar remediation: Information on how to remediate this sub-assessment.
:vartype remediation: str
:ivar impact: Description of the impact of this sub-assessment.
:vartype impact: str
:ivar category: Category of the sub-assessment.
:vartype category: str
:ivar description: Human readable description of the assessment status.
:vartype description: str
:ivar time_generated: The date and time the sub-assessment was generated.
:vartype time_generated: ~datetime.datetime
:param resource_details: Details of the resource that was assessed.
:type resource_details: ~azure.mgmt.security.models.ResourceDetails
:param additional_data: Details of the sub-assessment.
:type additional_data: ~azure.mgmt.security.models.AdditionalData
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'id_properties_id': {'readonly': True},
'display_name': {'readonly': True},
'remediation': {'readonly': True},
'impact': {'readonly': True},
'category': {'readonly': True},
'description': {'readonly': True},
'time_generated': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'id_properties_id': {'key': 'properties.id', 'type': 'str'},
'display_name': {'key': 'properties.displayName', 'type': 'str'},
'status': {'key': 'properties.status', 'type': 'SubAssessmentStatus'},
'remediation': {'key': 'properties.remediation', 'type': 'str'},
'impact': {'key': 'properties.impact', 'type': 'str'},
'category': {'key': 'properties.category', 'type': 'str'},
'description': {'key': 'properties.description', 'type': 'str'},
'time_generated': {'key': 'properties.timeGenerated', 'type': 'iso-8601'},
'resource_details': {'key': 'properties.resourceDetails', 'type': 'ResourceDetails'},
'additional_data': {'key': 'properties.additionalData', 'type': 'AdditionalData'},
}
def __init__(
self,
*,
status: Optional["SubAssessmentStatus"] = None,
resource_details: Optional["ResourceDetails"] = None,
additional_data: Optional["AdditionalData"] = None,
**kwargs
):
super(SecuritySubAssessment, self).__init__(**kwargs)
self.id_properties_id = None
self.display_name = None
self.status = status
self.remediation = None
self.impact = None
self.category = None
self.description = None
self.time_generated = None
self.resource_details = resource_details
self.additional_data = additional_data
[docs]class SecuritySubAssessmentList(msrest.serialization.Model):
"""List of security sub-assessments.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar value:
:vartype value: list[~azure.mgmt.security.models.SecuritySubAssessment]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'readonly': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[SecuritySubAssessment]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(SecuritySubAssessmentList, self).__init__(**kwargs)
self.value = None
self.next_link = None
[docs]class SecurityTask(Resource):
"""Security task that we recommend to do in order to strengthen security.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:ivar state: State of the task (Active, Resolved etc.).
:vartype state: str
:ivar creation_time_utc: The time this task was discovered in UTC.
:vartype creation_time_utc: ~datetime.datetime
:param security_task_parameters: Changing set of properties, depending on the task type that is
derived from the name field.
:type security_task_parameters: ~azure.mgmt.security.models.SecurityTaskParameters
:ivar last_state_change_time_utc: The time this task's details were last changed in UTC.
:vartype last_state_change_time_utc: ~datetime.datetime
:ivar sub_state: Additional data on the state of the task.
:vartype sub_state: str
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'state': {'readonly': True},
'creation_time_utc': {'readonly': True},
'last_state_change_time_utc': {'readonly': True},
'sub_state': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'state': {'key': 'properties.state', 'type': 'str'},
'creation_time_utc': {'key': 'properties.creationTimeUtc', 'type': 'iso-8601'},
'security_task_parameters': {'key': 'properties.securityTaskParameters', 'type': 'SecurityTaskParameters'},
'last_state_change_time_utc': {'key': 'properties.lastStateChangeTimeUtc', 'type': 'iso-8601'},
'sub_state': {'key': 'properties.subState', 'type': 'str'},
}
def __init__(
self,
*,
security_task_parameters: Optional["SecurityTaskParameters"] = None,
**kwargs
):
super(SecurityTask, self).__init__(**kwargs)
self.state = None
self.creation_time_utc = None
self.security_task_parameters = security_task_parameters
self.last_state_change_time_utc = None
self.sub_state = None
[docs]class SecurityTaskList(msrest.serialization.Model):
"""List of security task recommendations.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar value:
:vartype value: list[~azure.mgmt.security.models.SecurityTask]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'readonly': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[SecurityTask]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(SecurityTaskList, self).__init__(**kwargs)
self.value = None
self.next_link = None
[docs]class SecurityTaskParameters(msrest.serialization.Model):
"""Changing set of properties, depending on the task type that is derived from the name field.
Variables are only populated by the server, and will be ignored when sending a request.
:param additional_properties: Unmatched properties from the message are deserialized to this
collection.
:type additional_properties: dict[str, any]
:ivar name: Name of the task type.
:vartype name: str
"""
_validation = {
'name': {'readonly': True},
}
_attribute_map = {
'additional_properties': {'key': '', 'type': '{object}'},
'name': {'key': 'name', 'type': 'str'},
}
def __init__(
self,
*,
additional_properties: Optional[Dict[str, Any]] = None,
**kwargs
):
super(SecurityTaskParameters, self).__init__(**kwargs)
self.additional_properties = additional_properties
self.name = None
[docs]class SensitivityLabel(msrest.serialization.Model):
"""The sensitivity label.
:param display_name: The name of the sensitivity label.
:type display_name: str
:param description: The description of the sensitivity label.
:type description: str
:param rank: The rank of the sensitivity label. Possible values include: "None", "Low",
"Medium", "High", "Critical".
:type rank: str or ~azure.mgmt.security.models.Rank
:param order: The order of the sensitivity label.
:type order: int
:param enabled: Indicates whether the label is enabled or not.
:type enabled: bool
"""
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'rank': {'key': 'rank', 'type': 'str'},
'order': {'key': 'order', 'type': 'int'},
'enabled': {'key': 'enabled', 'type': 'bool'},
}
def __init__(
self,
*,
display_name: Optional[str] = None,
description: Optional[str] = None,
rank: Optional[Union[str, "Rank"]] = None,
order: Optional[int] = None,
enabled: Optional[bool] = None,
**kwargs
):
super(SensitivityLabel, self).__init__(**kwargs)
self.display_name = display_name
self.description = description
self.rank = rank
self.order = order
self.enabled = enabled
[docs]class ServerVulnerabilityAssessment(Resource):
"""Describes the server vulnerability assessment details on a resource.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:ivar provisioning_state: The provisioningState of the vulnerability assessment capability on
the VM. Possible values include: "Succeeded", "Failed", "Canceled", "Provisioning",
"Deprovisioning".
:vartype provisioning_state: str or
~azure.mgmt.security.models.ServerVulnerabilityAssessmentPropertiesProvisioningState
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'provisioning_state': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'provisioning_state': {'key': 'properties.provisioningState', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(ServerVulnerabilityAssessment, self).__init__(**kwargs)
self.provisioning_state = None
[docs]class ServerVulnerabilityAssessmentsList(msrest.serialization.Model):
"""List of server vulnerability assessments.
:param value:
:type value: list[~azure.mgmt.security.models.ServerVulnerabilityAssessment]
"""
_attribute_map = {
'value': {'key': 'value', 'type': '[ServerVulnerabilityAssessment]'},
}
def __init__(
self,
*,
value: Optional[List["ServerVulnerabilityAssessment"]] = None,
**kwargs
):
super(ServerVulnerabilityAssessmentsList, self).__init__(**kwargs)
self.value = value
[docs]class ServerVulnerabilityProperties(AdditionalData):
"""Additional context fields for server vulnerability assessment.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param assessed_resource_type: Required. Sub-assessment resource type.Constant filled by
server. Possible values include: "SqlServerVulnerability", "ContainerRegistryVulnerability",
"ServerVulnerability".
:type assessed_resource_type: str or ~azure.mgmt.security.models.AssessedResourceType
:ivar type: Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information
Gathered.
:vartype type: str
:ivar cvss: Dictionary from cvss version to cvss details object.
:vartype cvss: dict[str, ~azure.mgmt.security.models.CVSS]
:ivar patchable: Indicates whether a patch is available or not.
:vartype patchable: bool
:ivar cve: List of CVEs.
:vartype cve: list[~azure.mgmt.security.models.CVE]
:ivar threat: Threat name.
:vartype threat: str
:ivar published_time: Published time.
:vartype published_time: ~datetime.datetime
:ivar vendor_references:
:vartype vendor_references: list[~azure.mgmt.security.models.VendorReference]
"""
_validation = {
'assessed_resource_type': {'required': True},
'type': {'readonly': True},
'cvss': {'readonly': True},
'patchable': {'readonly': True},
'cve': {'readonly': True},
'threat': {'readonly': True},
'published_time': {'readonly': True},
'vendor_references': {'readonly': True},
}
_attribute_map = {
'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'cvss': {'key': 'cvss', 'type': '{CVSS}'},
'patchable': {'key': 'patchable', 'type': 'bool'},
'cve': {'key': 'cve', 'type': '[CVE]'},
'threat': {'key': 'threat', 'type': 'str'},
'published_time': {'key': 'publishedTime', 'type': 'iso-8601'},
'vendor_references': {'key': 'vendorReferences', 'type': '[VendorReference]'},
}
def __init__(
self,
**kwargs
):
super(ServerVulnerabilityProperties, self).__init__(**kwargs)
self.assessed_resource_type = 'ServerVulnerabilityAssessment' # type: str
self.type = None
self.cvss = None
self.patchable = None
self.cve = None
self.threat = None
self.published_time = None
self.vendor_references = None
[docs]class ServicePrincipalProperties(msrest.serialization.Model):
"""Details of the service principal.
:param application_id: Application ID of service principal.
:type application_id: str
:param secret: A secret string that the application uses to prove its identity, also can be
referred to as application password (write only).
:type secret: str
"""
_attribute_map = {
'application_id': {'key': 'applicationId', 'type': 'str'},
'secret': {'key': 'secret', 'type': 'str'},
}
def __init__(
self,
*,
application_id: Optional[str] = None,
secret: Optional[str] = None,
**kwargs
):
super(ServicePrincipalProperties, self).__init__(**kwargs)
self.application_id = application_id
self.secret = secret
[docs]class SettingsList(msrest.serialization.Model):
"""Subscription settings list.
Variables are only populated by the server, and will be ignored when sending a request.
:param value: The settings list.
:type value: list[~azure.mgmt.security.models.Setting]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[Setting]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: Optional[List["Setting"]] = None,
**kwargs
):
super(SettingsList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class Software(Resource):
"""Represents a software data.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param device_id: Unique identifier for the virtual machine in the service.
:type device_id: str
:param os_platform: Platform of the operating system running on the device.
:type os_platform: str
:param vendor: Name of the software vendor.
:type vendor: str
:param software_name: Name of the software product.
:type software_name: str
:param version: Version number of the software product.
:type version: str
:param end_of_support_status: End of support status. Possible values include: "None",
"noLongerSupported", "versionNoLongerSupported", "upcomingNoLongerSupported",
"upcomingVersionNoLongerSupported".
:type end_of_support_status: str or ~azure.mgmt.security.models.EndOfSupportStatus
:param end_of_support_date: The end of support date in case the product is upcoming end of
support.
:type end_of_support_date: str
:param number_of_known_vulnerabilities: Number of weaknesses.
:type number_of_known_vulnerabilities: int
:param first_seen_at: First time that the software was seen in the device.
:type first_seen_at: str
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'device_id': {'key': 'properties.deviceId', 'type': 'str'},
'os_platform': {'key': 'properties.osPlatform', 'type': 'str'},
'vendor': {'key': 'properties.vendor', 'type': 'str'},
'software_name': {'key': 'properties.softwareName', 'type': 'str'},
'version': {'key': 'properties.version', 'type': 'str'},
'end_of_support_status': {'key': 'properties.endOfSupportStatus', 'type': 'str'},
'end_of_support_date': {'key': 'properties.endOfSupportDate', 'type': 'str'},
'number_of_known_vulnerabilities': {'key': 'properties.numberOfKnownVulnerabilities', 'type': 'int'},
'first_seen_at': {'key': 'properties.firstSeenAt', 'type': 'str'},
}
def __init__(
self,
*,
device_id: Optional[str] = None,
os_platform: Optional[str] = None,
vendor: Optional[str] = None,
software_name: Optional[str] = None,
version: Optional[str] = None,
end_of_support_status: Optional[Union[str, "EndOfSupportStatus"]] = None,
end_of_support_date: Optional[str] = None,
number_of_known_vulnerabilities: Optional[int] = None,
first_seen_at: Optional[str] = None,
**kwargs
):
super(Software, self).__init__(**kwargs)
self.device_id = device_id
self.os_platform = os_platform
self.vendor = vendor
self.software_name = software_name
self.version = version
self.end_of_support_status = end_of_support_status
self.end_of_support_date = end_of_support_date
self.number_of_known_vulnerabilities = number_of_known_vulnerabilities
self.first_seen_at = first_seen_at
[docs]class SoftwaresList(msrest.serialization.Model):
"""Represents the software inventory of the virtual machine.
Variables are only populated by the server, and will be ignored when sending a request.
:param value:
:type value: list[~azure.mgmt.security.models.Software]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[Software]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: Optional[List["Software"]] = None,
**kwargs
):
super(SoftwaresList, self).__init__(**kwargs)
self.value = value
self.next_link = None
[docs]class SqlServerVulnerabilityProperties(AdditionalData):
"""Details of the resource that was assessed.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param assessed_resource_type: Required. Sub-assessment resource type.Constant filled by
server. Possible values include: "SqlServerVulnerability", "ContainerRegistryVulnerability",
"ServerVulnerability".
:type assessed_resource_type: str or ~azure.mgmt.security.models.AssessedResourceType
:ivar type: The resource type the sub assessment refers to in its resource details.
:vartype type: str
:ivar query: The T-SQL query that runs on your SQL database to perform the particular check.
:vartype query: str
"""
_validation = {
'assessed_resource_type': {'required': True},
'type': {'readonly': True},
'query': {'readonly': True},
}
_attribute_map = {
'assessed_resource_type': {'key': 'assessedResourceType', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'query': {'key': 'query', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(SqlServerVulnerabilityProperties, self).__init__(**kwargs)
self.assessed_resource_type = 'SqlServerVulnerability' # type: str
self.type = None
self.query = None
[docs]class SubAssessmentStatus(msrest.serialization.Model):
"""Status of the sub-assessment.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar code: Programmatic code for the status of the assessment. Possible values include:
"Healthy", "Unhealthy", "NotApplicable".
:vartype code: str or ~azure.mgmt.security.models.SubAssessmentStatusCode
:ivar cause: Programmatic code for the cause of the assessment status.
:vartype cause: str
:ivar description: Human readable description of the assessment status.
:vartype description: str
:ivar severity: The sub-assessment severity level. Possible values include: "Low", "Medium",
"High".
:vartype severity: str or ~azure.mgmt.security.models.Severity
"""
_validation = {
'code': {'readonly': True},
'cause': {'readonly': True},
'description': {'readonly': True},
'severity': {'readonly': True},
}
_attribute_map = {
'code': {'key': 'code', 'type': 'str'},
'cause': {'key': 'cause', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'severity': {'key': 'severity', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(SubAssessmentStatus, self).__init__(**kwargs)
self.code = None
self.cause = None
self.description = None
self.severity = None
[docs]class SuppressionAlertsScope(msrest.serialization.Model):
"""SuppressionAlertsScope.
All required parameters must be populated in order to send to Azure.
:param all_of: Required. All the conditions inside need to be true in order to suppress the
alert.
:type all_of: list[~azure.mgmt.security.models.ScopeElement]
"""
_validation = {
'all_of': {'required': True},
}
_attribute_map = {
'all_of': {'key': 'allOf', 'type': '[ScopeElement]'},
}
def __init__(
self,
*,
all_of: List["ScopeElement"],
**kwargs
):
super(SuppressionAlertsScope, self).__init__(**kwargs)
self.all_of = all_of
[docs]class SystemData(msrest.serialization.Model):
"""Metadata pertaining to creation and last modification of the resource.
:param created_by: The identity that created the resource.
:type created_by: str
:param created_by_type: The type of identity that created the resource. Possible values
include: "User", "Application", "ManagedIdentity", "Key".
:type created_by_type: str or ~azure.mgmt.security.models.CreatedByType
:param created_at: The timestamp of resource creation (UTC).
:type created_at: ~datetime.datetime
:param last_modified_by: The identity that last modified the resource.
:type last_modified_by: str
:param last_modified_by_type: The type of identity that last modified the resource. Possible
values include: "User", "Application", "ManagedIdentity", "Key".
:type last_modified_by_type: str or ~azure.mgmt.security.models.CreatedByType
:param last_modified_at: The timestamp of resource last modification (UTC).
:type last_modified_at: ~datetime.datetime
"""
_attribute_map = {
'created_by': {'key': 'createdBy', 'type': 'str'},
'created_by_type': {'key': 'createdByType', 'type': 'str'},
'created_at': {'key': 'createdAt', 'type': 'iso-8601'},
'last_modified_by': {'key': 'lastModifiedBy', 'type': 'str'},
'last_modified_by_type': {'key': 'lastModifiedByType', 'type': 'str'},
'last_modified_at': {'key': 'lastModifiedAt', 'type': 'iso-8601'},
}
def __init__(
self,
*,
created_by: Optional[str] = None,
created_by_type: Optional[Union[str, "CreatedByType"]] = None,
created_at: Optional[datetime.datetime] = None,
last_modified_by: Optional[str] = None,
last_modified_by_type: Optional[Union[str, "CreatedByType"]] = None,
last_modified_at: Optional[datetime.datetime] = None,
**kwargs
):
super(SystemData, self).__init__(**kwargs)
self.created_by = created_by
self.created_by_type = created_by_type
self.created_at = created_at
self.last_modified_by = last_modified_by
self.last_modified_by_type = last_modified_by_type
self.last_modified_at = last_modified_at
[docs]class TopologyList(msrest.serialization.Model):
"""TopologyList.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar value:
:vartype value: list[~azure.mgmt.security.models.TopologyResource]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'readonly': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[TopologyResource]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(TopologyList, self).__init__(**kwargs)
self.value = None
self.next_link = None
[docs]class TopologyResource(Resource, Location):
"""TopologyResource.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar location: Location where the resource is stored.
:vartype location: str
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:ivar calculated_date_time: The UTC time on which the topology was calculated.
:vartype calculated_date_time: ~datetime.datetime
:ivar topology_resources: Azure resources which are part of this topology resource.
:vartype topology_resources: list[~azure.mgmt.security.models.TopologySingleResource]
"""
_validation = {
'location': {'readonly': True},
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
'calculated_date_time': {'readonly': True},
'topology_resources': {'readonly': True},
}
_attribute_map = {
'location': {'key': 'location', 'type': 'str'},
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'calculated_date_time': {'key': 'properties.calculatedDateTime', 'type': 'iso-8601'},
'topology_resources': {'key': 'properties.topologyResources', 'type': '[TopologySingleResource]'},
}
def __init__(
self,
**kwargs
):
super(TopologyResource, self).__init__(**kwargs)
self.location = None
self.calculated_date_time = None
self.topology_resources = None
self.id = None
self.name = None
self.type = None
self.calculated_date_time = None
self.topology_resources = None
[docs]class TopologySingleResource(msrest.serialization.Model):
"""TopologySingleResource.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar resource_id: Azure resource id.
:vartype resource_id: str
:ivar severity: The security severity of the resource.
:vartype severity: str
:ivar recommendations_exist: Indicates if the resource has security recommendations.
:vartype recommendations_exist: bool
:ivar network_zones: Indicates the resource connectivity level to the Internet (InternetFacing,
Internal ,etc.).
:vartype network_zones: str
:ivar topology_score: Score of the resource based on its security severity.
:vartype topology_score: int
:ivar location: The location of this resource.
:vartype location: str
:ivar parents: Azure resources connected to this resource which are in higher level in the
topology view.
:vartype parents: list[~azure.mgmt.security.models.TopologySingleResourceParent]
:ivar children: Azure resources connected to this resource which are in lower level in the
topology view.
:vartype children: list[~azure.mgmt.security.models.TopologySingleResourceChild]
"""
_validation = {
'resource_id': {'readonly': True},
'severity': {'readonly': True},
'recommendations_exist': {'readonly': True},
'network_zones': {'readonly': True},
'topology_score': {'readonly': True},
'location': {'readonly': True},
'parents': {'readonly': True},
'children': {'readonly': True},
}
_attribute_map = {
'resource_id': {'key': 'resourceId', 'type': 'str'},
'severity': {'key': 'severity', 'type': 'str'},
'recommendations_exist': {'key': 'recommendationsExist', 'type': 'bool'},
'network_zones': {'key': 'networkZones', 'type': 'str'},
'topology_score': {'key': 'topologyScore', 'type': 'int'},
'location': {'key': 'location', 'type': 'str'},
'parents': {'key': 'parents', 'type': '[TopologySingleResourceParent]'},
'children': {'key': 'children', 'type': '[TopologySingleResourceChild]'},
}
def __init__(
self,
**kwargs
):
super(TopologySingleResource, self).__init__(**kwargs)
self.resource_id = None
self.severity = None
self.recommendations_exist = None
self.network_zones = None
self.topology_score = None
self.location = None
self.parents = None
self.children = None
[docs]class TopologySingleResourceChild(msrest.serialization.Model):
"""TopologySingleResourceChild.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar resource_id: Azure resource id which serves as child resource in topology view.
:vartype resource_id: str
"""
_validation = {
'resource_id': {'readonly': True},
}
_attribute_map = {
'resource_id': {'key': 'resourceId', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(TopologySingleResourceChild, self).__init__(**kwargs)
self.resource_id = None
[docs]class TopologySingleResourceParent(msrest.serialization.Model):
"""TopologySingleResourceParent.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar resource_id: Azure resource id which serves as parent resource in topology view.
:vartype resource_id: str
"""
_validation = {
'resource_id': {'readonly': True},
}
_attribute_map = {
'resource_id': {'key': 'resourceId', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(TopologySingleResourceParent, self).__init__(**kwargs)
self.resource_id = None
[docs]class TwinUpdatesNotInAllowedRange(TimeWindowCustomAlertRule):
"""Number of twin updates is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(TwinUpdatesNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs)
self.rule_type = 'TwinUpdatesNotInAllowedRange' # type: str
[docs]class UnauthorizedOperationsNotInAllowedRange(TimeWindowCustomAlertRule):
"""Number of unauthorized operations is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:ivar display_name: The display name of the custom alert.
:vartype display_name: str
:ivar description: The description of the custom alert.
:vartype description: str
:param is_enabled: Required. Status of the custom alert.
:type is_enabled: bool
:param rule_type: Required. The type of the custom alert rule.Constant filled by server.
:type rule_type: str
:param min_threshold: Required. The minimum threshold.
:type min_threshold: int
:param max_threshold: Required. The maximum threshold.
:type max_threshold: int
:param time_window_size: Required. The time window size in iso8601 format.
:type time_window_size: ~datetime.timedelta
"""
_validation = {
'display_name': {'readonly': True},
'description': {'readonly': True},
'is_enabled': {'required': True},
'rule_type': {'required': True},
'min_threshold': {'required': True},
'max_threshold': {'required': True},
'time_window_size': {'required': True},
}
_attribute_map = {
'display_name': {'key': 'displayName', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'is_enabled': {'key': 'isEnabled', 'type': 'bool'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'min_threshold': {'key': 'minThreshold', 'type': 'int'},
'max_threshold': {'key': 'maxThreshold', 'type': 'int'},
'time_window_size': {'key': 'timeWindowSize', 'type': 'duration'},
}
def __init__(
self,
*,
is_enabled: bool,
min_threshold: int,
max_threshold: int,
time_window_size: datetime.timedelta,
**kwargs
):
super(UnauthorizedOperationsNotInAllowedRange, self).__init__(is_enabled=is_enabled, min_threshold=min_threshold, max_threshold=max_threshold, time_window_size=time_window_size, **kwargs)
self.rule_type = 'UnauthorizedOperationsNotInAllowedRange' # type: str
[docs]class UpdateIotSecuritySolutionData(TagsResource):
"""UpdateIotSecuritySolutionData.
:param tags: A set of tags. Resource tags.
:type tags: dict[str, str]
:param user_defined_resources: Properties of the IoT Security solution's user defined
resources.
:type user_defined_resources: ~azure.mgmt.security.models.UserDefinedResourcesProperties
:param recommendations_configuration: List of the configuration status for each recommendation
type.
:type recommendations_configuration:
list[~azure.mgmt.security.models.RecommendationConfigurationProperties]
"""
_attribute_map = {
'tags': {'key': 'tags', 'type': '{str}'},
'user_defined_resources': {'key': 'properties.userDefinedResources', 'type': 'UserDefinedResourcesProperties'},
'recommendations_configuration': {'key': 'properties.recommendationsConfiguration', 'type': '[RecommendationConfigurationProperties]'},
}
def __init__(
self,
*,
tags: Optional[Dict[str, str]] = None,
user_defined_resources: Optional["UserDefinedResourcesProperties"] = None,
recommendations_configuration: Optional[List["RecommendationConfigurationProperties"]] = None,
**kwargs
):
super(UpdateIotSecuritySolutionData, self).__init__(tags=tags, **kwargs)
self.user_defined_resources = user_defined_resources
self.recommendations_configuration = recommendations_configuration
[docs]class UserDefinedResourcesProperties(msrest.serialization.Model):
"""Properties of the IoT Security solution's user defined resources.
All required parameters must be populated in order to send to Azure.
:param query: Required. Azure Resource Graph query which represents the security solution's
user defined resources. Required to start with "where type != "Microsoft.Devices/IotHubs"".
:type query: str
:param query_subscriptions: Required. List of Azure subscription ids on which the user defined
resources query should be executed.
:type query_subscriptions: list[str]
"""
_validation = {
'query': {'required': True},
'query_subscriptions': {'required': True},
}
_attribute_map = {
'query': {'key': 'query', 'type': 'str'},
'query_subscriptions': {'key': 'querySubscriptions', 'type': '[str]'},
}
def __init__(
self,
*,
query: str,
query_subscriptions: List[str],
**kwargs
):
super(UserDefinedResourcesProperties, self).__init__(**kwargs)
self.query = query
self.query_subscriptions = query_subscriptions
[docs]class UserRecommendation(msrest.serialization.Model):
"""Represents a user that is recommended to be allowed for a certain rule.
:param username: Represents a user that is recommended to be allowed for a certain rule.
:type username: str
:param recommendation_action: The recommendation action of the machine or rule. Possible values
include: "Recommended", "Add", "Remove".
:type recommendation_action: str or ~azure.mgmt.security.models.RecommendationAction
"""
_attribute_map = {
'username': {'key': 'username', 'type': 'str'},
'recommendation_action': {'key': 'recommendationAction', 'type': 'str'},
}
def __init__(
self,
*,
username: Optional[str] = None,
recommendation_action: Optional[Union[str, "RecommendationAction"]] = None,
**kwargs
):
super(UserRecommendation, self).__init__(**kwargs)
self.username = username
self.recommendation_action = recommendation_action
[docs]class VaRule(msrest.serialization.Model):
"""vulnerability assessment rule metadata details.
:param rule_id: The rule Id.
:type rule_id: str
:param severity: The rule severity. Possible values include: "High", "Medium", "Low",
"Informational", "Obsolete".
:type severity: str or ~azure.mgmt.security.models.RuleSeverity
:param category: The rule category.
:type category: str
:param rule_type: The rule type. Possible values include: "Binary", "BaselineExpected",
"PositiveList", "NegativeList".
:type rule_type: str or ~azure.mgmt.security.models.RuleType
:param title: The rule title.
:type title: str
:param description: The rule description.
:type description: str
:param rationale: The rule rationale.
:type rationale: str
:param query_check: The rule query details.
:type query_check: ~azure.mgmt.security.models.QueryCheck
:param benchmark_references: The benchmark references.
:type benchmark_references: list[~azure.mgmt.security.models.BenchmarkReference]
"""
_attribute_map = {
'rule_id': {'key': 'ruleId', 'type': 'str'},
'severity': {'key': 'severity', 'type': 'str'},
'category': {'key': 'category', 'type': 'str'},
'rule_type': {'key': 'ruleType', 'type': 'str'},
'title': {'key': 'title', 'type': 'str'},
'description': {'key': 'description', 'type': 'str'},
'rationale': {'key': 'rationale', 'type': 'str'},
'query_check': {'key': 'queryCheck', 'type': 'QueryCheck'},
'benchmark_references': {'key': 'benchmarkReferences', 'type': '[BenchmarkReference]'},
}
def __init__(
self,
*,
rule_id: Optional[str] = None,
severity: Optional[Union[str, "RuleSeverity"]] = None,
category: Optional[str] = None,
rule_type: Optional[Union[str, "RuleType"]] = None,
title: Optional[str] = None,
description: Optional[str] = None,
rationale: Optional[str] = None,
query_check: Optional["QueryCheck"] = None,
benchmark_references: Optional[List["BenchmarkReference"]] = None,
**kwargs
):
super(VaRule, self).__init__(**kwargs)
self.rule_id = rule_id
self.severity = severity
self.category = category
self.rule_type = rule_type
self.title = title
self.description = description
self.rationale = rationale
self.query_check = query_check
self.benchmark_references = benchmark_references
[docs]class VendorReference(msrest.serialization.Model):
"""Vendor reference.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar title: Link title.
:vartype title: str
:ivar link: Link url.
:vartype link: str
"""
_validation = {
'title': {'readonly': True},
'link': {'readonly': True},
}
_attribute_map = {
'title': {'key': 'title', 'type': 'str'},
'link': {'key': 'link', 'type': 'str'},
}
def __init__(
self,
**kwargs
):
super(VendorReference, self).__init__(**kwargs)
self.title = None
self.link = None
[docs]class VmRecommendation(msrest.serialization.Model):
"""Represents a machine that is part of a machine group.
:param configuration_status: The configuration status of the machines group or machine or rule.
Possible values include: "Configured", "NotConfigured", "InProgress", "Failed", "NoStatus".
:type configuration_status: str or ~azure.mgmt.security.models.ConfigurationStatus
:param recommendation_action: The recommendation action of the machine or rule. Possible values
include: "Recommended", "Add", "Remove".
:type recommendation_action: str or ~azure.mgmt.security.models.RecommendationAction
:param resource_id: The full resource id of the machine.
:type resource_id: str
:param enforcement_support: The machine supportability of Enforce feature. Possible values
include: "Supported", "NotSupported", "Unknown".
:type enforcement_support: str or ~azure.mgmt.security.models.EnforcementSupport
"""
_attribute_map = {
'configuration_status': {'key': 'configurationStatus', 'type': 'str'},
'recommendation_action': {'key': 'recommendationAction', 'type': 'str'},
'resource_id': {'key': 'resourceId', 'type': 'str'},
'enforcement_support': {'key': 'enforcementSupport', 'type': 'str'},
}
def __init__(
self,
*,
configuration_status: Optional[Union[str, "ConfigurationStatus"]] = None,
recommendation_action: Optional[Union[str, "RecommendationAction"]] = None,
resource_id: Optional[str] = None,
enforcement_support: Optional[Union[str, "EnforcementSupport"]] = None,
**kwargs
):
super(VmRecommendation, self).__init__(**kwargs)
self.configuration_status = configuration_status
self.recommendation_action = recommendation_action
self.resource_id = resource_id
self.enforcement_support = enforcement_support
[docs]class WorkspaceSetting(Resource):
"""Configures where to store the OMS agent data for workspaces under a scope.
Variables are only populated by the server, and will be ignored when sending a request.
:ivar id: Resource Id.
:vartype id: str
:ivar name: Resource name.
:vartype name: str
:ivar type: Resource type.
:vartype type: str
:param workspace_id: The full Azure ID of the workspace to save the data in.
:type workspace_id: str
:param scope: All the VMs in this scope will send their security data to the mentioned
workspace unless overridden by a setting with more specific scope.
:type scope: str
"""
_validation = {
'id': {'readonly': True},
'name': {'readonly': True},
'type': {'readonly': True},
}
_attribute_map = {
'id': {'key': 'id', 'type': 'str'},
'name': {'key': 'name', 'type': 'str'},
'type': {'key': 'type', 'type': 'str'},
'workspace_id': {'key': 'properties.workspaceId', 'type': 'str'},
'scope': {'key': 'properties.scope', 'type': 'str'},
}
def __init__(
self,
*,
workspace_id: Optional[str] = None,
scope: Optional[str] = None,
**kwargs
):
super(WorkspaceSetting, self).__init__(**kwargs)
self.workspace_id = workspace_id
self.scope = scope
[docs]class WorkspaceSettingList(msrest.serialization.Model):
"""List of workspace settings response.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
:param value: Required. List of workspace settings.
:type value: list[~azure.mgmt.security.models.WorkspaceSetting]
:ivar next_link: The URI to fetch the next page.
:vartype next_link: str
"""
_validation = {
'value': {'required': True},
'next_link': {'readonly': True},
}
_attribute_map = {
'value': {'key': 'value', 'type': '[WorkspaceSetting]'},
'next_link': {'key': 'nextLink', 'type': 'str'},
}
def __init__(
self,
*,
value: List["WorkspaceSetting"],
**kwargs
):
super(WorkspaceSettingList, self).__init__(**kwargs)
self.value = value
self.next_link = None