azure.mgmt.security.models module¶

class azure.mgmt.security.models.AadConnectivityState(*, connectivity_state: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Describes an Azure resource with kind.

Parameters: connectivity_state (str or AadConnectivityStateEnum) – The connectivity state of the external AAD solution. Possible values include: “Discovered”, “NotLicensed”, “Connected”.

class azure.mgmt.security.models.AadConnectivityStateEnum(value)[source]¶

Bases: str, enum.Enum

The connectivity state of the external AAD solution

CONNECTED = 'Connected'¶

DISCOVERED = 'Discovered'¶

NOT_LICENSED = 'NotLicensed'¶

class azure.mgmt.security.models.AadExternalSecuritySolution(*, kind: Optional[str] = None, properties: Optional[azure.mgmt.security.models._models_py3.AadSolutionProperties] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.ExternalSecuritySolution

Represents an AAD identity protection solution which sends logs to an OMS workspace.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters

kind (str or ExternalSecuritySolutionKindEnum) – The kind of the external solution. Possible values include: “CEF”, “ATA”, “AAD”.
properties (AadSolutionProperties) – The external security solution properties for AAD solutions.

Variables

location (str) – Location where the resource is stored.
id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

class azure.mgmt.security.models.AadSolutionProperties(*, connectivity_state: Optional[str] = None, additional_properties: Optional[Dict[str, Any]] = None, device_vendor: Optional[str] = None, device_type: Optional[str] = None, workspace: Optional[azure.mgmt.security.models._models_py3.ConnectedWorkspace] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.ExternalSecuritySolutionProperties, azure.mgmt.security.models._models_py3.AadConnectivityState

The external security solution properties for AAD solutions.

Parameters

connectivity_state (str or AadConnectivityStateEnum) – The connectivity state of the external AAD solution. Possible values include: “Discovered”, “NotLicensed”, “Connected”.
additional_properties (dict[str, any]) – Unmatched properties from the message are deserialized to this collection.
device_vendor (str) –
device_type (str) –
workspace (ConnectedWorkspace) – Represents an OMS workspace to which the solution is connected.

class azure.mgmt.security.models.ActionType(value)[source]¶

Bases: str, enum.Enum

The type of the action that will be triggered by the Automation

EVENT_HUB = 'EventHub'¶

LOGIC_APP = 'LogicApp'¶

WORKSPACE = 'Workspace'¶

class azure.mgmt.security.models.ActiveConnectionsNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of active connections is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.AdaptiveApplicationControlGroup(*, enforcement_mode: Optional[str] = None, protection_mode: Optional[azure.mgmt.security.models._models_py3.ProtectionMode] = None, vm_recommendations: Optional[List[azure.mgmt.security.models._models_py3.VmRecommendation]] = None, path_recommendations: Optional[List[azure.mgmt.security.models._models_py3.PathRecommendation]] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource, azure.mgmt.security.models._models_py3.Location

AdaptiveApplicationControlGroup.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

location (str) – Location where the resource is stored.
id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
configuration_status (str or ConfigurationStatus) – The configuration status of the machines group or machine or rule. Possible values include: “Configured”, “NotConfigured”, “InProgress”, “Failed”, “NoStatus”.
recommendation_status (str or RecommendationStatus) – The initial recommendation status of the machine group or machine. Possible values include: “Recommended”, “NotRecommended”, “NotAvailable”, “NoStatus”.
issues (list[AdaptiveApplicationControlIssueSummary]) –
source_system (str or SourceSystem) – The source type of the machine group. Possible values include: “Azure_AppLocker”, “Azure_AuditD”, “NonAzure_AppLocker”, “NonAzure_AuditD”, “None”.

Parameters

enforcement_mode (str or EnforcementMode) – The application control policy enforcement/protection mode of the machine group. Possible values include: “Audit”, “Enforce”, “None”.
protection_mode (ProtectionMode) – The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux.
vm_recommendations (list[VmRecommendation]) –
path_recommendations (list[PathRecommendation]) –

class azure.mgmt.security.models.AdaptiveApplicationControlGroups(*, value: Optional[List[azure.mgmt.security.models._models_py3.AdaptiveApplicationControlGroup]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Represents a list of machine groups and set of rules that are recommended by Azure Security Center to be allowed.

Parameters: value (list[AdaptiveApplicationControlGroup]) –

class azure.mgmt.security.models.AdaptiveApplicationControlIssue(value)[source]¶

Bases: str, enum.Enum

An alert that machines within a group can have

EXECUTABLE_VIOLATIONS_AUDITED = 'ExecutableViolationsAudited'¶

MSI_AND_SCRIPT_VIOLATIONS_AUDITED = 'MsiAndScriptViolationsAudited'¶

MSI_AND_SCRIPT_VIOLATIONS_BLOCKED = 'MsiAndScriptViolationsBlocked'¶

RULES_VIOLATED_MANUALLY = 'RulesViolatedManually'¶

VIOLATIONS_AUDITED = 'ViolationsAudited'¶

VIOLATIONS_BLOCKED = 'ViolationsBlocked'¶

class azure.mgmt.security.models.AdaptiveApplicationControlIssueSummary(*, issue: Optional[str] = None, number_of_vms: Optional[float] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Represents a summary of the alerts of the machine group.

Parameters

issue (str or AdaptiveApplicationControlIssue) – An alert that machines within a group can have. Possible values include: “ViolationsAudited”, “ViolationsBlocked”, “MsiAndScriptViolationsAudited”, “MsiAndScriptViolationsBlocked”, “ExecutableViolationsAudited”, “RulesViolatedManually”.
number_of_vms (float) – The number of machines in the group that have this alert.

class azure.mgmt.security.models.AdaptiveNetworkHardening(*, rules: Optional[List[azure.mgmt.security.models._models_py3.Rule]] = None, rules_calculation_time: Optional[datetime.datetime] = None, effective_network_security_groups: Optional[List[azure.mgmt.security.models._models_py3.EffectiveNetworkSecurityGroups]] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

The resource whose properties describes the Adaptive Network Hardening settings for some Azure resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

rules (list[Rule]) – The security rules which are recommended to be effective on the VM.
rules_calculation_time (datetime) – The UTC time on which the rules were calculated.
effective_network_security_groups (list[EffectiveNetworkSecurityGroups]) – The Network Security Groups effective on the network interfaces of the protected resource.

class azure.mgmt.security.models.AdaptiveNetworkHardeningEnforceRequest(*, rules: List[azure.mgmt.security.models._models_py3.Rule], network_security_groups: List[str], **kwargs)[source]¶

Bases: msrest.serialization.Model

AdaptiveNetworkHardeningEnforceRequest.

All required parameters must be populated in order to send to Azure.

Parameters

rules (list[Rule]) – Required. The rules to enforce.
network_security_groups (list[str]) – Required. The Azure resource IDs of the effective network security groups that will be updated with the created security rules from the Adaptive Network Hardening rules.

class azure.mgmt.security.models.AdaptiveNetworkHardeningsList(*, value: Optional[List[azure.mgmt.security.models._models_py3.AdaptiveNetworkHardening]] = None, next_link: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Response for ListAdaptiveNetworkHardenings API service call.

Parameters

value (list[AdaptiveNetworkHardening]) – A list of Adaptive Network Hardenings resources.
next_link (str) – The URL to get the next set of results.

class azure.mgmt.security.models.AdditionalData(**kwargs)[source]¶

Bases: msrest.serialization.Model

Details of the sub-assessment.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: ContainerRegistryVulnerabilityProperties, ServerVulnerabilityProperties, SqlServerVulnerabilityProperties.

All required parameters must be populated in order to send to Azure.

Parameters: assessed_resource_type (str or AssessedResourceType) – Required. Sub-assessment resource type.Constant filled by server. Possible values include: “SqlServerVulnerability”, “ContainerRegistryVulnerability”, “ServerVulnerability”.

class azure.mgmt.security.models.AdditionalWorkspaceDataType(value)[source]¶

Bases: str, enum.Enum

Data types sent to workspace.

ALERTS = 'Alerts'¶

RAW_EVENTS = 'RawEvents'¶

class azure.mgmt.security.models.AdditionalWorkspaceType(value)[source]¶

Bases: str, enum.Enum

Workspace type.

SENTINEL = 'Sentinel'¶

class azure.mgmt.security.models.AdditionalWorkspacesProperties(*, workspace: Optional[str] = None, type: Optional[str] = 'Sentinel', data_types: Optional[List[str]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Properties of the additional workspaces.

Parameters

workspace (str) – Workspace resource id.
type (str or AdditionalWorkspaceType) – Workspace type. Possible values include: “Sentinel”. Default value: “Sentinel”.
data_types (list[str or AdditionalWorkspaceDataType]) – List of data types sent to workspace.

class azure.mgmt.security.models.AdvancedThreatProtectionSetting(*, is_enabled: Optional[bool] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

The Advanced Threat Protection resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

is_enabled (bool) – Indicates whether Advanced Threat Protection is enabled.

class azure.mgmt.security.models.Alert(*, extended_properties: Optional[Dict[str, str]] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Security alert.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
alert_type (str) – Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType).
system_alert_id (str) – Unique identifier for the alert.
product_component_name (str) – The name of Azure Security Center pricing tier which powering this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing.
alert_display_name (str) – The display name of the alert.
description (str) – Description of the suspicious activity that was detected.
severity (str or AlertSeverity) – The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified. Possible values include: “Informational”, “Low”, “Medium”, “High”.
intent (str or Intent) – The kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center’s supported kill chain intents. Possible values include: “Unknown”, “PreAttack”, “InitialAccess”, “Persistence”, “PrivilegeEscalation”, “DefenseEvasion”, “CredentialAccess”, “Discovery”, “LateralMovement”, “Execution”, “Collection”, “Exfiltration”, “CommandAndControl”, “Impact”, “Probing”, “Exploitation”.
start_time_utc (datetime) – The UTC time of the first event or activity included in the alert in ISO8601 format.
end_time_utc (datetime) – The UTC time of the last event or activity included in the alert in ISO8601 format.
resource_identifiers (list[ResourceIdentifier]) – The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different type per alert.
remediation_steps (list[str]) – Manual action items to take to remediate the alert.
vendor_name (str) – The name of the vendor that raises the alert.
status (str or AlertStatus) – The life cycle status of the alert. Possible values include: “Active”, “Resolved”, “Dismissed”.
extended_links (list[dict[str, str]]) – Links related to the alert.
alert_uri (str) – A direct link to the alert page in Azure Portal.
time_generated_utc (datetime) – The UTC time the alert was generated in ISO8601 format.
product_name (str) – The name of the product which published this alert (Azure Security Center, Azure ATP, Microsoft Defender ATP, O365 ATP, MCAS, and so on).
processing_end_time_utc (datetime) – The UTC processing end time of the alert in ISO8601 format.
entities (list[AlertEntity]) – A list of entities related to the alert.
is_incident (bool) – This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert.
correlation_key (str) – Key for corelating related alerts. Alerts with the same correlation key considered to be related.
compromised_entity (str) – The display name of the resource most related to this alert.

Parameters

extended_properties (dict[str, str]) – Custom properties for the alert.

class azure.mgmt.security.models.AlertEntity(*, additional_properties: Optional[Dict[str, Any]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Changing set of properties depending on the entity type.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters: additional_properties (dict[str, any]) – Unmatched properties from the message are deserialized to this collection.
Variables: type (str) – Type of entity.

class azure.mgmt.security.models.AlertList(*, value: Optional[List[azure.mgmt.security.models._models_py3.Alert]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

List of security alerts.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters: value (list[Alert]) – describes security alert properties.
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.AlertNotifications(value)[source]¶

Bases: str, enum.Enum

Whether to send security alerts notifications to the security contact

OFF = 'Off'¶: Don’t get notifications on new alerts.

ON = 'On'¶: Get notifications on new alerts.

class azure.mgmt.security.models.AlertSeverity(value)[source]¶

Bases: str, enum.Enum

The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified.

HIGH = 'High'¶: High.

INFORMATIONAL = 'Informational'¶: Informational.

LOW = 'Low'¶: Low.

MEDIUM = 'Medium'¶: Medium.

class azure.mgmt.security.models.AlertSimulatorBundlesRequestProperties(*, additional_properties: Optional[Dict[str, Any]] = None, bundles: Optional[List[str]] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.AlertSimulatorRequestProperties

Simulate alerts according to this bundles.

All required parameters must be populated in order to send to Azure.

Parameters

additional_properties (dict[str, any]) – Unmatched properties from the message are deserialized to this collection.
kind (str or KindEnum) – Required. The kind of alert simulation.Constant filled by server. Possible values include: “Bundles”.
bundles (list[str or BundleType]) – Bundles list.

class azure.mgmt.security.models.AlertSimulatorRequestBody(*, properties: Optional[azure.mgmt.security.models._models_py3.AlertSimulatorRequestProperties] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Alert Simulator request body.

Parameters: properties (AlertSimulatorRequestProperties) – Alert Simulator request body data.

class azure.mgmt.security.models.AlertSimulatorRequestProperties(*, additional_properties: Optional[Dict[str, Any]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Describes properties of an alert simulation request.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: AlertSimulatorBundlesRequestProperties.

All required parameters must be populated in order to send to Azure.

Parameters

additional_properties (dict[str, any]) – Unmatched properties from the message are deserialized to this collection.
kind (str or KindEnum) – Required. The kind of alert simulation.Constant filled by server. Possible values include: “Bundles”.

class azure.mgmt.security.models.AlertStatus(value)[source]¶

Bases: str, enum.Enum

The life cycle status of the alert.

ACTIVE = 'Active'¶: An alert which doesn’t specify a value is assigned the status ‘Active’.

DISMISSED = 'Dismissed'¶: Alert dismissed as false positive.

RESOLVED = 'Resolved'¶: Alert closed after handling.

class azure.mgmt.security.models.AlertSyncSettings(*, enabled: Optional[bool] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Setting

Represents an alert sync setting.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

kind (str or SettingKind) – Required. the kind of the settings string.Constant filled by server. Possible values include: “DataExportSettings”, “AlertSuppressionSetting”, “AlertSyncSettings”.
enabled (bool) – Is the alert sync setting enabled.

class azure.mgmt.security.models.AlertsSuppressionRule(*, alert_type: Optional[str] = None, expiration_date_utc: Optional[datetime.datetime] = None, reason: Optional[str] = None, state: Optional[str] = None, comment: Optional[str] = None, suppression_alerts_scope: Optional[azure.mgmt.security.models._models_py3.SuppressionAlertsScope] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Describes the suppression rule.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
last_modified_utc (datetime) – The last time this rule was modified.

Parameters

alert_type (str) – Type of the alert to automatically suppress. For all alert types, use ‘*’.
expiration_date_utc (datetime) – Expiration date of the rule, if value is not provided or provided as null this field will default to the maximum allowed expiration date.
reason (str) – The reason for dismissing the alert.
state (str or RuleState) – Possible states of the rule. Possible values include: “Enabled”, “Disabled”, “Expired”.
comment (str) – Any comment regarding the rule.
suppression_alerts_scope (SuppressionAlertsScope) – The suppression conditions.

class azure.mgmt.security.models.AlertsSuppressionRulesList(*, value: List[azure.mgmt.security.models._models_py3.AlertsSuppressionRule], **kwargs)[source]¶

Bases: msrest.serialization.Model

Suppression rules list for subscription.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters: value (list[AlertsSuppressionRule]) – Required.
Variables: next_link (str) – URI to fetch the next page.

class azure.mgmt.security.models.AlertsToAdmins(value)[source]¶

Bases: str, enum.Enum

Whether to send security alerts notifications to subscription admins

OFF = 'Off'¶: Don’t send notification on new alerts to the subscription’s admins.

ON = 'On'¶: Send notification on new alerts to the subscription’s admins.

class azure.mgmt.security.models.AllowedConnectionsList(**kwargs)[source]¶

Bases: msrest.serialization.Model

List of all possible traffic between Azure resources.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

value (list[AllowedConnectionsResource]) –
next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.AllowedConnectionsResource(**kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource, azure.mgmt.security.models._models_py3.Location

The resource whose properties describes the allowed traffic between Azure resources.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

location (str) – Location where the resource is stored.
id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
calculated_date_time (datetime) – The UTC time on which the allowed connections resource was calculated.
connectable_resources (list[ConnectableResource]) – List of connectable resources.

class azure.mgmt.security.models.AllowlistCustomAlertRule(*, is_enabled: bool, allowlist_values: List[str], **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.ListCustomAlertRule

A custom alert rule that checks if a value (depends on the custom alert type) is allowed.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: ConnectionFromIpNotAllowed, ConnectionToIpNotAllowed, LocalUserNotAllowed, ProcessNotAllowed.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.
value_type (str or ValueType) – The value type of the items in the list. Possible values include: “IpCidr”, “String”.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
allowlist_values (list[str]) – Required. The values to allow. The format of the values depends on the rule type.

class azure.mgmt.security.models.AmqpC2DMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of cloud to device messages (AMQP protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.AmqpC2DRejectedMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of rejected cloud to device messages (AMQP protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.AmqpD2CMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of device to cloud messages (AMQP protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.AscLocation(*, properties: Optional[Any] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

The ASC location of the subscription is in the “name” field.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

properties (any) – Any object.

class azure.mgmt.security.models.AscLocationList(**kwargs)[source]¶

Bases: msrest.serialization.Model

List of locations where ASC saves your data.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

value (list[AscLocation]) –
next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.AssessedResourceType(value)[source]¶

Bases: str, enum.Enum

Sub-assessment resource type

CONTAINER_REGISTRY_VULNERABILITY = 'ContainerRegistryVulnerability'¶

SERVER_VULNERABILITY = 'ServerVulnerability'¶

SQL_SERVER_VULNERABILITY = 'SqlServerVulnerability'¶

class azure.mgmt.security.models.AssessmentLinks(**kwargs)[source]¶

Bases: msrest.serialization.Model

Links relevant to the assessment.

Variables are only populated by the server, and will be ignored when sending a request.

Variables: azure_portal_uri (str) – Link to assessment in Azure Portal.

class azure.mgmt.security.models.AssessmentStatus(*, code: str, cause: Optional[str] = None, description: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

The result of the assessment.

All required parameters must be populated in order to send to Azure.

Parameters

code (str or AssessmentStatusCode) – Required. Programmatic code for the status of the assessment. Possible values include: “Healthy”, “Unhealthy”, “NotApplicable”.
cause (str) – Programmatic code for the cause of the assessment status.
description (str) – Human readable description of the assessment status.

class azure.mgmt.security.models.AssessmentStatusCode(value)[source]¶

Bases: str, enum.Enum

Programmatic code for the status of the assessment

HEALTHY = 'Healthy'¶: The resource is healthy.

NOT_APPLICABLE = 'NotApplicable'¶: Assessment for this resource did not happen.

UNHEALTHY = 'Unhealthy'¶: The resource has a security issue that needs to be addressed.

class azure.mgmt.security.models.AssessmentType(value)[source]¶

Bases: str, enum.Enum

BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition

BUILT_IN = 'BuiltIn'¶: Azure Security Center managed assessments.

CUSTOMER_MANAGED = 'CustomerManaged'¶: User assessments pushed directly by the user or other third party to Azure Security Center.

CUSTOM_POLICY = 'CustomPolicy'¶: User defined policies that are automatically ingested from Azure Policy to Azure Security Center.

VERIFIED_PARTNER = 'VerifiedPartner'¶: An assessment that was created by a verified 3rd party if the user connected it to ASC.

class azure.mgmt.security.models.AtaExternalSecuritySolution(*, kind: Optional[str] = None, properties: Optional[azure.mgmt.security.models._models_py3.AtaSolutionProperties] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.ExternalSecuritySolution

Represents an ATA security solution which sends logs to an OMS workspace.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters

kind (str or ExternalSecuritySolutionKindEnum) – The kind of the external solution. Possible values include: “CEF”, “ATA”, “AAD”.
properties (AtaSolutionProperties) – The external security solution properties for ATA solutions.

Variables

location (str) – Location where the resource is stored.
id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

class azure.mgmt.security.models.AtaSolutionProperties(*, additional_properties: Optional[Dict[str, Any]] = None, device_vendor: Optional[str] = None, device_type: Optional[str] = None, workspace: Optional[azure.mgmt.security.models._models_py3.ConnectedWorkspace] = None, last_event_received: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.ExternalSecuritySolutionProperties

The external security solution properties for ATA solutions.

Parameters

additional_properties (dict[str, any]) – Unmatched properties from the message are deserialized to this collection.
device_vendor (str) –
device_type (str) –
workspace (ConnectedWorkspace) – Represents an OMS workspace to which the solution is connected.
last_event_received (str) –

class azure.mgmt.security.models.AuthenticationDetailsProperties(**kwargs)[source]¶

Bases: msrest.serialization.Model

Settings for cloud authentication management.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: AwAssumeRoleAuthenticationDetailsProperties, AwsCredsAuthenticationDetailsProperties, GcpCredentialsDetailsProperties.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

authentication_provisioning_state (str or AuthenticationProvisioningState) – State of the multi-cloud connector. Possible values include: “Valid”, “Invalid”, “Expired”, “IncorrectPolicy”.
granted_permissions (list[str or PermissionProperty]) – The permissions detected in the cloud account.

Parameters

authentication_type (str or AuthenticationType) – Required. Connect to your cloud account, for AWS use either account credentials or role-based authentication. For GCP use account organization credentials.Constant filled by server. Possible values include: “awsCreds”, “awsAssumeRole”, “gcpCredentials”.

class azure.mgmt.security.models.AuthenticationProvisioningState(value)[source]¶

Bases: str, enum.Enum

State of the multi-cloud connector

EXPIRED = 'Expired'¶: the connection has expired.

INCORRECT_POLICY = 'IncorrectPolicy'¶: Incorrect policy of the connector.

INVALID = 'Invalid'¶: Invalid connector.

VALID = 'Valid'¶: Valid connector.

class azure.mgmt.security.models.AuthenticationType(value)[source]¶

Bases: str, enum.Enum

Connect to your cloud account, for AWS use either account credentials or role-based authentication. For GCP use account organization credentials.

AWS_ASSUME_ROLE = 'awsAssumeRole'¶: AWS account connector assume role authentication.

AWS_CREDS = 'awsCreds'¶: AWS cloud account connector user credentials authentication.

GCP_CREDENTIALS = 'gcpCredentials'¶: GCP account connector service to service authentication.

class azure.mgmt.security.models.AutoProvision(value)[source]¶

Bases: str, enum.Enum

Describes what kind of security agent provisioning action to take

OFF = 'Off'¶: Do not install security agent on the VMs automatically.

ON = 'On'¶: Install missing security agent on VMs automatically.

class azure.mgmt.security.models.AutoProvisioningSetting(*, auto_provision: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Auto provisioning setting.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

auto_provision (str or AutoProvision) – Describes what kind of security agent provisioning action to take. Possible values include: “On”, “Off”.

class azure.mgmt.security.models.AutoProvisioningSettingList(*, value: Optional[List[azure.mgmt.security.models._models_py3.AutoProvisioningSetting]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

List of all the auto provisioning settings response.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters: value (list[AutoProvisioningSetting]) – List of all the auto provisioning settings.
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.Automation(*, tags: Optional[Dict[str, str]] = None, etag: Optional[str] = None, kind: Optional[str] = None, location: Optional[str] = None, description: Optional[str] = None, is_enabled: Optional[bool] = None, scopes: Optional[List[azure.mgmt.security.models._models_py3.AutomationScope]] = None, sources: Optional[List[azure.mgmt.security.models._models_py3.AutomationSource]] = None, actions: Optional[List[azure.mgmt.security.models._models_py3.AutomationAction]] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TrackedResource

The security automation resource.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters

tags (dict[str, str]) – A set of tags. A list of key value pairs that describe the resource.
etag (str) – Entity tag is used for comparing two or more entities from the same requested resource.
kind (str) – Kind of the resource.
location (str) – Location where the resource is stored.
description (str) – The security automation description.
is_enabled (bool) – Indicates whether the security automation is enabled.
scopes (list[AutomationScope]) – A collection of scopes on which the security automations logic is applied. Supported scopes are the subscription itself or a resource group under that subscription. The automation will only apply on defined scopes.
sources (list[AutomationSource]) – A collection of the source event types which evaluate the security automation set of rules.
actions (list[AutomationAction]) – A collection of the actions which are triggered if all the configured rules evaluations, within at least one rule set, are true.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

class azure.mgmt.security.models.AutomationAction(**kwargs)[source]¶

Bases: msrest.serialization.Model

The action that should be triggered.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: AutomationActionEventHub, AutomationActionLogicApp, AutomationActionWorkspace.

All required parameters must be populated in order to send to Azure.

Parameters: action_type (str or ActionType) – Required. The type of the action that will be triggered by the Automation.Constant filled by server. Possible values include: “LogicApp”, “EventHub”, “Workspace”.

class azure.mgmt.security.models.AutomationActionEventHub(*, event_hub_resource_id: Optional[str] = None, connection_string: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.AutomationAction

The target Event Hub to which event data will be exported. To learn more about Security Center continuous export capabilities, visit https://aka.ms/ASCExportLearnMore.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters

action_type (str or ActionType) – Required. The type of the action that will be triggered by the Automation.Constant filled by server. Possible values include: “LogicApp”, “EventHub”, “Workspace”.
event_hub_resource_id (str) – The target Event Hub Azure Resource ID.
connection_string (str) – The target Event Hub connection string (it will not be included in any response).

Variables

sas_policy_name (str) – The target Event Hub SAS policy name.

class azure.mgmt.security.models.AutomationActionLogicApp(*, logic_app_resource_id: Optional[str] = None, uri: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.AutomationAction

The logic app action that should be triggered. To learn more about Security Center’s Workflow Automation capabilities, visit https://aka.ms/ASCWorkflowAutomationLearnMore.

All required parameters must be populated in order to send to Azure.

Parameters

action_type (str or ActionType) – Required. The type of the action that will be triggered by the Automation.Constant filled by server. Possible values include: “LogicApp”, “EventHub”, “Workspace”.
logic_app_resource_id (str) – The triggered Logic App Azure Resource ID. This can also reside on other subscriptions, given that you have permissions to trigger the Logic App.
uri (str) – The Logic App trigger URI endpoint (it will not be included in any response).

class azure.mgmt.security.models.AutomationActionWorkspace(*, workspace_resource_id: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.AutomationAction

The Log Analytics Workspace to which event data will be exported. Security alerts data will reside in the ‘SecurityAlert’ table and the assessments data will reside in the ‘SecurityRecommendation’ table (under the ‘Security’/’SecurityCenterFree’ solutions). Note that in order to view the data in the workspace, the Security Center Log Analytics free/standard solution needs to be enabled on that workspace. To learn more about Security Center continuous export capabilities, visit https://aka.ms/ASCExportLearnMore.

All required parameters must be populated in order to send to Azure.

Parameters

action_type (str or ActionType) – Required. The type of the action that will be triggered by the Automation.Constant filled by server. Possible values include: “LogicApp”, “EventHub”, “Workspace”.
workspace_resource_id (str) – The fully qualified Log Analytics Workspace Azure Resource ID.

class azure.mgmt.security.models.AutomationList(*, value: List[azure.mgmt.security.models._models_py3.Automation], **kwargs)[source]¶

Bases: msrest.serialization.Model

List of security automations response.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters: value (list[Automation]) – Required. The list of security automations under the given scope.
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.AutomationRuleSet(*, rules: Optional[List[azure.mgmt.security.models._models_py3.AutomationTriggeringRule]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

A rule set which evaluates all its rules upon an event interception. Only when all the included rules in the rule set will be evaluated as ‘true’, will the event trigger the defined actions.

Parameters: rules (list[AutomationTriggeringRule]) –

class azure.mgmt.security.models.AutomationScope(*, description: Optional[str] = None, scope_path: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

A single automation scope.

Parameters

description (str) – The resources scope description.
scope_path (str) – The resources scope path. Can be the subscription on which the automation is defined on or a resource group under that subscription (fully qualified Azure resource IDs).

class azure.mgmt.security.models.AutomationSource(*, event_source: Optional[str] = None, rule_sets: Optional[List[azure.mgmt.security.models._models_py3.AutomationRuleSet]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

The source event types which evaluate the security automation set of rules. For example - security alerts and security assessments. To learn more about the supported security events data models schemas - please visit https://aka.ms/ASCAutomationSchemas.

Parameters

event_source (str or EventSource) – A valid event source type. Possible values include: “Assessments”, “SubAssessments”, “Alerts”, “SecureScores”, “SecureScoresSnapshot”, “SecureScoreControls”, “SecureScoreControlsSnapshot”, “RegulatoryComplianceAssessment”, “RegulatoryComplianceAssessmentSnapshot”.
rule_sets (list[AutomationRuleSet]) – A set of rules which evaluate upon event interception. A logical disjunction is applied between defined rule sets (logical ‘or’).

class azure.mgmt.security.models.AutomationTriggeringRule(*, property_j_path: Optional[str] = None, property_type: Optional[str] = None, expected_value: Optional[str] = None, operator: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

A rule which is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. This comparison is done by using one of the supported operators set.

Parameters

property_j_path (str) – The JPath of the entity model property that should be checked.
property_type (str or PropertyType) – The data type of the compared operands (string, integer, floating point number or a boolean [true/false]]. Possible values include: “String”, “Integer”, “Number”, “Boolean”.
expected_value (str) – The expected value.
operator (str or Operator) – A valid comparer operator to use. A case-insensitive comparison will be applied for String PropertyType. Possible values include: “Equals”, “GreaterThan”, “GreaterThanOrEqualTo”, “LesserThan”, “LesserThanOrEqualTo”, “NotEquals”, “Contains”, “StartsWith”, “EndsWith”.

class azure.mgmt.security.models.AutomationValidationStatus(*, is_valid: Optional[bool] = None, message: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

The security automation model state property bag.

Parameters

is_valid (bool) – Indicates whether the model is valid or not.
message (str) – The validation message.

class azure.mgmt.security.models.AwAssumeRoleAuthenticationDetailsProperties(*, aws_assume_role_arn: str, aws_external_id: str, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.AuthenticationDetailsProperties

AWS cloud account connector based assume role, the role enables delegating access to your AWS resources. The role is composed of role Amazon Resource Name (ARN) and external ID. For more details, refer to <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html">Creating a Role to Delegate Permissions to an IAM User (write only)</a>.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

authentication_provisioning_state (str or AuthenticationProvisioningState) – State of the multi-cloud connector. Possible values include: “Valid”, “Invalid”, “Expired”, “IncorrectPolicy”.
granted_permissions (list[str or PermissionProperty]) – The permissions detected in the cloud account.
account_id (str) – The ID of the cloud account.

Parameters

authentication_type (str or AuthenticationType) – Required. Connect to your cloud account, for AWS use either account credentials or role-based authentication. For GCP use account organization credentials.Constant filled by server. Possible values include: “awsCreds”, “awsAssumeRole”, “gcpCredentials”.
aws_assume_role_arn (str) – Required. Assumed role ID is an identifier that you can use to create temporary security credentials.
aws_external_id (str) – Required. A unique identifier that is required when you assume a role in another account.

class azure.mgmt.security.models.AwsCredsAuthenticationDetailsProperties(*, aws_access_key_id: str, aws_secret_access_key: str, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.AuthenticationDetailsProperties

AWS cloud account connector based credentials, the credentials is composed of access key ID and secret key, for more details, refer to <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html">Creating an IAM User in Your AWS Account (write only)</a>.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

authentication_provisioning_state (str or AuthenticationProvisioningState) – State of the multi-cloud connector. Possible values include: “Valid”, “Invalid”, “Expired”, “IncorrectPolicy”.
granted_permissions (list[str or PermissionProperty]) – The permissions detected in the cloud account.
account_id (str) – The ID of the cloud account.

Parameters

authentication_type (str or AuthenticationType) – Required. Connect to your cloud account, for AWS use either account credentials or role-based authentication. For GCP use account organization credentials.Constant filled by server. Possible values include: “awsCreds”, “awsAssumeRole”, “gcpCredentials”.
aws_access_key_id (str) – Required. Public key element of the AWS credential object (write only).
aws_secret_access_key (str) – Required. Secret key element of the AWS credential object (write only).

class azure.mgmt.security.models.AzureResourceDetails(**kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.ResourceDetails

Details of the Azure resource that was assessed.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters: source (str or Source) – Required. The platform where the assessed resource resides.Constant filled by server. Possible values include: “Azure”, “OnPremise”, “OnPremiseSql”.
Variables: id (str) – Azure resource Id of the assessed resource.

class azure.mgmt.security.models.AzureResourceIdentifier(**kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.ResourceIdentifier

Azure resource identifier.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters: type (str or ResourceIdentifierType) – Required. There can be multiple identifiers of different type per alert, this field specify the identifier type.Constant filled by server. Possible values include: “AzureResource”, “LogAnalytics”.
Variables: azure_resource_id (str) – ARM resource identifier for the cloud resource being alerted on.

class azure.mgmt.security.models.AzureResourceLink(**kwargs)[source]¶

Bases: msrest.serialization.Model

Describes an Azure resource with kind.

Variables are only populated by the server, and will be ignored when sending a request.

Variables: id (str) – Azure resource Id.

class azure.mgmt.security.models.AzureTrackedResourceLocation(*, location: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Describes an Azure resource with location.

Parameters: location (str) – Location where the resource is stored.

class azure.mgmt.security.models.Baseline(*, expected_results: Optional[List[List[str]]] = None, updated_time: Optional[datetime.datetime] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Baseline details.

Parameters

expected_results (list[list[str]]) – Expected results.
updated_time (datetime) – Baseline update time (UTC).

class azure.mgmt.security.models.BaselineAdjustedResult(*, baseline: Optional[azure.mgmt.security.models._models_py3.Baseline] = None, status: Optional[str] = None, results_not_in_baseline: Optional[List[List[str]]] = None, results_only_in_baseline: Optional[List[List[str]]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

The rule result adjusted with baseline.

Parameters

baseline (Baseline) – Baseline details.
status (str or RuleStatus) – The rule result status. Possible values include: “NonFinding”, “Finding”, “InternalError”.
results_not_in_baseline (list[list[str]]) – Results the are not in baseline.
results_only_in_baseline (list[list[str]]) – Results the are in baseline.

class azure.mgmt.security.models.BenchmarkReference(*, benchmark: Optional[str] = None, reference: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

The benchmark references.

Parameters

benchmark (str) – The benchmark name.
reference (str) – The benchmark reference.

class azure.mgmt.security.models.BundleType(value)[source]¶

Bases: str, enum.Enum

Alert Simulator supported bundles.

APP_SERVICES = 'AppServices'¶

DNS = 'DNS'¶

KEY_VAULTS = 'KeyVaults'¶

KUBERNETES_SERVICE = 'KubernetesService'¶

RESOURCE_MANAGER = 'ResourceManager'¶

SQL_SERVERS = 'SqlServers'¶

STORAGE_ACCOUNTS = 'StorageAccounts'¶

VIRTUAL_MACHINES = 'VirtualMachines'¶

class azure.mgmt.security.models.CVE(**kwargs)[source]¶

Bases: msrest.serialization.Model

CVE details.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

title (str) – CVE title.
link (str) – Link url.

class azure.mgmt.security.models.CVSS(**kwargs)[source]¶

Bases: msrest.serialization.Model

CVSS details.

Variables are only populated by the server, and will be ignored when sending a request.

Variables: base (float) – CVSS base.

class azure.mgmt.security.models.Categories(value)[source]¶

Bases: str, enum.Enum

The categories of resource that is at risk when the assessment is unhealthy

COMPUTE = 'Compute'¶

DATA = 'Data'¶

IDENTITY_AND_ACCESS = 'IdentityAndAccess'¶

IO_T = 'IoT'¶

NETWORKING = 'Networking'¶

class azure.mgmt.security.models.CefExternalSecuritySolution(*, kind: Optional[str] = None, properties: Optional[azure.mgmt.security.models._models_py3.CefSolutionProperties] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.ExternalSecuritySolution

Represents a security solution which sends CEF logs to an OMS workspace.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters

kind (str or ExternalSecuritySolutionKindEnum) – The kind of the external solution. Possible values include: “CEF”, “ATA”, “AAD”.
properties (CefSolutionProperties) – The external security solution properties for CEF solutions.

Variables

location (str) – Location where the resource is stored.
id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

class azure.mgmt.security.models.CefSolutionProperties(*, additional_properties: Optional[Dict[str, Any]] = None, device_vendor: Optional[str] = None, device_type: Optional[str] = None, workspace: Optional[azure.mgmt.security.models._models_py3.ConnectedWorkspace] = None, hostname: Optional[str] = None, agent: Optional[str] = None, last_event_received: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.ExternalSecuritySolutionProperties

The external security solution properties for CEF solutions.

Parameters

additional_properties (dict[str, any]) – Unmatched properties from the message are deserialized to this collection.
device_vendor (str) –
device_type (str) –
workspace (ConnectedWorkspace) – Represents an OMS workspace to which the solution is connected.
hostname (str) –
agent (str) –
last_event_received (str) –

class azure.mgmt.security.models.CloudErrorBody(**kwargs)[source]¶

Bases: msrest.serialization.Model

The error detail.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

code (str) – The error code.
message (str) – The error message.
target (str) – The error target.
details (list[CloudErrorBody]) – The error details.
additional_info (list[ErrorAdditionalInfo]) – The error additional info.

class azure.mgmt.security.models.Compliance(**kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Compliance of a scope.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
assessment_timestamp_utc_date (datetime) – The timestamp when the Compliance calculation was conducted.
resource_count (int) – The resource count of the given subscription for which the Compliance calculation was conducted (needed for Management Group Compliance calculation).
assessment_result (list[ComplianceSegment]) – An array of segment, which is the actually the compliance assessment.

class azure.mgmt.security.models.ComplianceList(*, value: Optional[List[azure.mgmt.security.models._models_py3.Compliance]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

List of Compliance objects response.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters: value (list[Compliance]) – List of Compliance objects.
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.ComplianceResult(**kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

a compliance result.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
resource_status (str or ResourceStatus) – The status of the resource regarding a single assessment. Possible values include: “Healthy”, “NotApplicable”, “OffByPolicy”, “NotHealthy”.

class azure.mgmt.security.models.ComplianceResultList(*, value: List[azure.mgmt.security.models._models_py3.ComplianceResult], **kwargs)[source]¶

Bases: msrest.serialization.Model

List of compliance results response.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters: value (list[ComplianceResult]) – Required. List of compliance results.
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.ComplianceSegment(**kwargs)[source]¶

Bases: msrest.serialization.Model

A segment of a compliance assessment.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

segment_type (str) – The segment type, e.g. compliant, non-compliance, insufficient coverage, N/A, etc.
percentage (float) – The size (%) of the segment.

class azure.mgmt.security.models.ConfigurationStatus(value)[source]¶

Bases: str, enum.Enum

The configuration status of the machines group or machine or rule

CONFIGURED = 'Configured'¶

FAILED = 'Failed'¶

IN_PROGRESS = 'InProgress'¶

NOT_CONFIGURED = 'NotConfigured'¶

NO_STATUS = 'NoStatus'¶

class azure.mgmt.security.models.ConnectableResource(**kwargs)[source]¶

Bases: msrest.serialization.Model

Describes the allowed inbound and outbound traffic of an Azure resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – The Azure resource id.
inbound_connected_resources (list[ConnectedResource]) – The list of Azure resources that the resource has inbound allowed connection from.
outbound_connected_resources (list[ConnectedResource]) – The list of Azure resources that the resource has outbound allowed connection to.

class azure.mgmt.security.models.ConnectedResource(**kwargs)[source]¶

Bases: msrest.serialization.Model

Describes properties of a connected resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

connected_resource_id (str) – The Azure resource id of the connected resource.
tcp_ports (str) – The allowed tcp ports.
udp_ports (str) – The allowed udp ports.

class azure.mgmt.security.models.ConnectedWorkspace(*, id: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Represents an OMS workspace to which the solution is connected.

Parameters: id (str) – Azure resource ID of the connected OMS workspace.

class azure.mgmt.security.models.ConnectionFromIpNotAllowed(*, is_enabled: bool, allowlist_values: List[str], **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.AllowlistCustomAlertRule

Inbound connection from an ip that isn’t allowed. Allow list consists of ipv4 or ipv6 range in CIDR notation.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.
value_type (str or ValueType) – The value type of the items in the list. Possible values include: “IpCidr”, “String”.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
allowlist_values (list[str]) – Required. The values to allow. The format of the values depends on the rule type.

class azure.mgmt.security.models.ConnectionStrings(*, value: List[azure.mgmt.security.models._models_py3.IngestionConnectionString], **kwargs)[source]¶

Bases: msrest.serialization.Model

Connection string for ingesting security data and logs.

All required parameters must be populated in order to send to Azure.

Parameters: value (list[IngestionConnectionString]) – Required. Connection strings.

class azure.mgmt.security.models.ConnectionToIpNotAllowed(*, is_enabled: bool, allowlist_values: List[str], **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.AllowlistCustomAlertRule

Outbound connection to an ip that isn’t allowed. Allow list consists of ipv4 or ipv6 range in CIDR notation.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.
value_type (str or ValueType) – The value type of the items in the list. Possible values include: “IpCidr”, “String”.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
allowlist_values (list[str]) – Required. The values to allow. The format of the values depends on the rule type.

class azure.mgmt.security.models.ConnectionType(value)[source]¶

Bases: str, enum.Enum

An enumeration.

EXTERNAL = 'External'¶

INTERNAL = 'Internal'¶

class azure.mgmt.security.models.ConnectorSetting(*, hybrid_compute_settings: Optional[azure.mgmt.security.models._models_py3.HybridComputeSettingsProperties] = None, authentication_details: Optional[azure.mgmt.security.models._models_py3.AuthenticationDetailsProperties] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

The connector setting.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

hybrid_compute_settings (HybridComputeSettingsProperties) – Settings for hybrid compute management. These settings are relevant only for Arc autoProvision (Hybrid Compute).
authentication_details (AuthenticationDetailsProperties) – Settings for authentication management, these settings are relevant only for the cloud connector.

class azure.mgmt.security.models.ConnectorSettingList(*, value: Optional[List[azure.mgmt.security.models._models_py3.ConnectorSetting]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

For a subscription, list of all cloud account connectors and their settings.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters: value (list[ConnectorSetting]) – List of all the cloud account connector settings.
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.ContainerRegistryVulnerabilityProperties(**kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.AdditionalData

Additional context fields for container registry Vulnerability assessment.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters

assessed_resource_type (str or AssessedResourceType) – Required. Sub-assessment resource type.Constant filled by server. Possible values include: “SqlServerVulnerability”, “ContainerRegistryVulnerability”, “ServerVulnerability”.

Variables

type (str) – Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered, Vulnerability.
cvss (dict[str, CVSS]) – Dictionary from cvss version to cvss details object.
patchable (bool) – Indicates whether a patch is available or not.
cve (list[CVE]) – List of CVEs.
published_time (datetime) – Published time.
vendor_references (list[VendorReference]) –
repository_name (str) – Name of the repository which the vulnerable image belongs to.
image_digest (str) – Digest of the vulnerable image.

class azure.mgmt.security.models.ControlType(value)[source]¶

Bases: str, enum.Enum

The type of security control (for example, BuiltIn)

BUILT_IN = 'BuiltIn'¶: Azure Security Center managed assessments.

CUSTOM = 'Custom'¶: Non Azure Security Center managed assessments.

class azure.mgmt.security.models.CreatedByType(value)[source]¶

Bases: str, enum.Enum

The type of identity that created the resource.

APPLICATION = 'Application'¶

KEY = 'Key'¶

MANAGED_IDENTITY = 'ManagedIdentity'¶

USER = 'User'¶

class azure.mgmt.security.models.CustomAlertRule(*, is_enabled: bool, **kwargs)[source]¶

Bases: msrest.serialization.Model

A custom alert rule.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: ListCustomAlertRule, ThresholdCustomAlertRule.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.

class azure.mgmt.security.models.DataExportSettings(*, enabled: Optional[bool] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Setting

Represents a data export setting.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

kind (str or SettingKind) – Required. the kind of the settings string.Constant filled by server. Possible values include: “DataExportSettings”, “AlertSuppressionSetting”, “AlertSyncSettings”.
enabled (bool) – Is the data export setting enabled.

class azure.mgmt.security.models.DataSource(value)[source]¶

Bases: str, enum.Enum

An enumeration.

TWIN_DATA = 'TwinData'¶: Devices twin data.

class azure.mgmt.security.models.DenylistCustomAlertRule(*, is_enabled: bool, denylist_values: List[str], **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.ListCustomAlertRule

A custom alert rule that checks if a value (depends on the custom alert type) is denied.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.
value_type (str or ValueType) – The value type of the items in the list. Possible values include: “IpCidr”, “String”.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
denylist_values (list[str]) – Required. The values to deny. The format of the values depends on the rule type.

class azure.mgmt.security.models.DeviceSecurityGroup(*, threshold_rules: Optional[List[azure.mgmt.security.models._models_py3.ThresholdCustomAlertRule]] = None, time_window_rules: Optional[List[azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule]] = None, allowlist_rules: Optional[List[azure.mgmt.security.models._models_py3.AllowlistCustomAlertRule]] = None, denylist_rules: Optional[List[azure.mgmt.security.models._models_py3.DenylistCustomAlertRule]] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

The device security group resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

threshold_rules (list[ThresholdCustomAlertRule]) – The list of custom alert threshold rules.
time_window_rules (list[TimeWindowCustomAlertRule]) – The list of custom alert time-window rules.
allowlist_rules (list[AllowlistCustomAlertRule]) – The allow-list custom alert rules.
denylist_rules (list[DenylistCustomAlertRule]) – The deny-list custom alert rules.

class azure.mgmt.security.models.DeviceSecurityGroupList(*, value: Optional[List[azure.mgmt.security.models._models_py3.DeviceSecurityGroup]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

List of device security groups.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters: value (list[DeviceSecurityGroup]) – List of device security group objects.
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.DirectMethodInvokesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of direct method invokes is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.Direction(value)[source]¶

Bases: str, enum.Enum

The rule’s direction

INBOUND = 'Inbound'¶

OUTBOUND = 'Outbound'¶

class azure.mgmt.security.models.DiscoveredSecuritySolution(*, security_family: str, offer: str, publisher: str, sku: str, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource, azure.mgmt.security.models._models_py3.Location

DiscoveredSecuritySolution.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

location (str) – Location where the resource is stored.
id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

security_family (str or SecurityFamily) – Required. The security family of the discovered solution. Possible values include: “Waf”, “Ngfw”, “SaasWaf”, “Va”.
offer (str) – Required. The security solutions’ image offer.
publisher (str) – Required. The security solutions’ image publisher.
sku (str) – Required. The security solutions’ image sku.

class azure.mgmt.security.models.DiscoveredSecuritySolutionList(*, value: Optional[List[azure.mgmt.security.models._models_py3.DiscoveredSecuritySolution]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

DiscoveredSecuritySolutionList.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters: value (list[DiscoveredSecuritySolution]) –
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.ETag(*, etag: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Entity tag is used for comparing two or more entities from the same requested resource.

Parameters: etag (str) – Entity tag is used for comparing two or more entities from the same requested resource.

class azure.mgmt.security.models.EffectiveNetworkSecurityGroups(*, network_interface: Optional[str] = None, network_security_groups: Optional[List[str]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Describes the Network Security Groups effective on a network interface.

Parameters

network_interface (str) – The Azure resource ID of the network interface.
network_security_groups (list[str]) – The Network Security Groups effective on the network interface.

class azure.mgmt.security.models.EndOfSupportStatus(value)[source]¶

Bases: str, enum.Enum

End of support status.

NONE = 'None'¶

NO_LONGER_SUPPORTED = 'noLongerSupported'¶

UPCOMING_NO_LONGER_SUPPORTED = 'upcomingNoLongerSupported'¶

UPCOMING_VERSION_NO_LONGER_SUPPORTED = 'upcomingVersionNoLongerSupported'¶

VERSION_NO_LONGER_SUPPORTED = 'versionNoLongerSupported'¶

class azure.mgmt.security.models.EnforcementMode(value)[source]¶

Bases: str, enum.Enum

The application control policy enforcement/protection mode of the machine group

AUDIT = 'Audit'¶

ENFORCE = 'Enforce'¶

NONE = 'None'¶

class azure.mgmt.security.models.EnforcementSupport(value)[source]¶

Bases: str, enum.Enum

The machine supportability of Enforce feature

NOT_SUPPORTED = 'NotSupported'¶

SUPPORTED = 'Supported'¶

UNKNOWN = 'Unknown'¶

class azure.mgmt.security.models.Enum13(value)[source]¶

Bases: str, enum.Enum

An enumeration.

ACTIVATE = 'Activate'¶

CLOSE = 'Close'¶

DISMISS = 'Dismiss'¶

RESOLVE = 'Resolve'¶

START = 'Start'¶

class azure.mgmt.security.models.Enum15(value)[source]¶

Bases: str, enum.Enum

An enumeration.

CUSTOM = 'custom'¶

EFFECTIVE = 'effective'¶

class azure.mgmt.security.models.Enum69(value)[source]¶

Bases: str, enum.Enum

An enumeration.

MCAS = 'MCAS'¶

SENTINEL = 'Sentinel'¶

WDATP = 'WDATP'¶

WDATP_EXCLUDE_LINUX_PUBLIC_PREVIEW = 'WDATP_EXCLUDE_LINUX_PUBLIC_PREVIEW'¶

class azure.mgmt.security.models.ErrorAdditionalInfo(**kwargs)[source]¶

Bases: msrest.serialization.Model

The resource management error additional info.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

type (str) – The additional info type.
info (any) – The additional info.

class azure.mgmt.security.models.EventSource(value)[source]¶

Bases: str, enum.Enum

A valid event source type.

ALERTS = 'Alerts'¶

ASSESSMENTS = 'Assessments'¶

REGULATORY_COMPLIANCE_ASSESSMENT = 'RegulatoryComplianceAssessment'¶

REGULATORY_COMPLIANCE_ASSESSMENT_SNAPSHOT = 'RegulatoryComplianceAssessmentSnapshot'¶

SECURE_SCORES = 'SecureScores'¶

SECURE_SCORES_SNAPSHOT = 'SecureScoresSnapshot'¶

SECURE_SCORE_CONTROLS = 'SecureScoreControls'¶

SECURE_SCORE_CONTROLS_SNAPSHOT = 'SecureScoreControlsSnapshot'¶

SUB_ASSESSMENTS = 'SubAssessments'¶

class azure.mgmt.security.models.ExpandControlsEnum(value)[source]¶

Bases: str, enum.Enum

An enumeration.

DEFINITION = 'definition'¶: Add definition object for each control.

class azure.mgmt.security.models.ExpandEnum(value)[source]¶

Bases: str, enum.Enum

An enumeration.

LINKS = 'links'¶: All links associated with an assessment.

METADATA = 'metadata'¶: Assessment metadata.

class azure.mgmt.security.models.ExportData(value)[source]¶

Bases: str, enum.Enum

An enumeration.

RAW_EVENTS = 'RawEvents'¶: Agent raw events.

class azure.mgmt.security.models.ExternalSecuritySolution(*, kind: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource, azure.mgmt.security.models._models_py3.Location, azure.mgmt.security.models._models_py3.ExternalSecuritySolutionKind

Represents a security solution external to Azure Security Center which sends information to an OMS workspace and whose data is displayed by Azure Security Center.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters

kind (str or ExternalSecuritySolutionKindEnum) – The kind of the external solution. Possible values include: “CEF”, “ATA”, “AAD”.

Variables

location (str) – Location where the resource is stored.
id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

class azure.mgmt.security.models.ExternalSecuritySolutionKind(*, kind: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Describes an Azure resource with kind.

Parameters: kind (str or ExternalSecuritySolutionKindEnum) – The kind of the external solution. Possible values include: “CEF”, “ATA”, “AAD”.

class azure.mgmt.security.models.ExternalSecuritySolutionKindEnum(value)[source]¶

Bases: str, enum.Enum

The kind of the external solution

AAD = 'AAD'¶

ATA = 'ATA'¶

CEF = 'CEF'¶

class azure.mgmt.security.models.ExternalSecuritySolutionList(*, value: Optional[List[azure.mgmt.security.models._models_py3.ExternalSecuritySolution]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

ExternalSecuritySolutionList.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters: value (list[ExternalSecuritySolution]) –
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.ExternalSecuritySolutionProperties(*, additional_properties: Optional[Dict[str, Any]] = None, device_vendor: Optional[str] = None, device_type: Optional[str] = None, workspace: Optional[azure.mgmt.security.models._models_py3.ConnectedWorkspace] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

The solution properties (correspond to the solution kind).

Parameters

additional_properties (dict[str, any]) – Unmatched properties from the message are deserialized to this collection.
device_vendor (str) –
device_type (str) –
workspace (ConnectedWorkspace) – Represents an OMS workspace to which the solution is connected.

class azure.mgmt.security.models.FailedLocalLoginsNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of failed local logins is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.FileType(value)[source]¶

Bases: str, enum.Enum

The type of the file (for Linux files - Executable is used)

DLL = 'Dll'¶

EXE = 'Exe'¶

EXECUTABLE = 'Executable'¶

MSI = 'Msi'¶

SCRIPT = 'Script'¶

UNKNOWN = 'Unknown'¶

class azure.mgmt.security.models.FileUploadsNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of file uploads is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.GcpCredentialsDetailsProperties(*, organization_id: str, type: str, project_id: str, private_key_id: str, private_key: str, client_email: str, client_id: str, auth_uri: str, token_uri: str, auth_provider_x509_cert_url: str, client_x509_cert_url: str, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.AuthenticationDetailsProperties

GCP cloud account connector based service to service credentials, the credentials are composed of the organization ID and a JSON API key (write only).

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

authentication_provisioning_state (str or AuthenticationProvisioningState) – State of the multi-cloud connector. Possible values include: “Valid”, “Invalid”, “Expired”, “IncorrectPolicy”.
granted_permissions (list[str or PermissionProperty]) – The permissions detected in the cloud account.

Parameters

authentication_type (str or AuthenticationType) – Required. Connect to your cloud account, for AWS use either account credentials or role-based authentication. For GCP use account organization credentials.Constant filled by server. Possible values include: “awsCreds”, “awsAssumeRole”, “gcpCredentials”.
organization_id (str) – Required. The organization ID of the GCP cloud account.
type (str) – Required. Type field of the API key (write only).
project_id (str) – Required. Project ID field of the API key (write only).
private_key_id (str) – Required. Private key ID field of the API key (write only).
private_key (str) – Required. Private key field of the API key (write only).
client_email (str) – Required. Client email field of the API key (write only).
client_id (str) – Required. Client ID field of the API key (write only).
auth_uri (str) – Required. Auth URI field of the API key (write only).
token_uri (str) – Required. Token URI field of the API key (write only).
auth_provider_x509_cert_url (str) – Required. Auth provider x509 certificate URL field of the API key (write only).
client_x509_cert_url (str) – Required. Client x509 certificate URL field of the API key (write only).

class azure.mgmt.security.models.HttpC2DMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of cloud to device messages (HTTP protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.HttpC2DRejectedMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of rejected cloud to device messages (HTTP protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.HttpD2CMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of device to cloud messages (HTTP protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.HybridComputeProvisioningState(value)[source]¶

Bases: str, enum.Enum

State of the service principal and its secret

EXPIRED = 'Expired'¶: the service principal details are expired.

INVALID = 'Invalid'¶: Invalid service principal details.

VALID = 'Valid'¶: Valid service principal details.

class azure.mgmt.security.models.HybridComputeSettingsProperties(*, auto_provision: str, resource_group_name: Optional[str] = None, region: Optional[str] = None, proxy_server: Optional[azure.mgmt.security.models._models_py3.ProxyServerProperties] = None, service_principal: Optional[azure.mgmt.security.models._models_py3.ServicePrincipalProperties] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Settings for hybrid compute management.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

hybrid_compute_provisioning_state (str or HybridComputeProvisioningState) – State of the service principal and its secret. Possible values include: “Valid”, “Invalid”, “Expired”.

Parameters

auto_provision (str or AutoProvision) – Required. Whether or not to automatically install Azure Arc (hybrid compute) agents on machines. Possible values include: “On”, “Off”.
resource_group_name (str) – The name of the resource group where Arc (Hybrid Compute) connectors are connected.
region (str) – The location where the metadata of machines will be stored.
proxy_server (ProxyServerProperties) – For a non-Azure machine that is not connected directly to the internet, specify a proxy server that the non-Azure machine can use.
service_principal (ServicePrincipalProperties) – An object to access resources that are secured by an Azure AD tenant.

class azure.mgmt.security.models.ImplementationEffort(value)[source]¶

Bases: str, enum.Enum

The implementation effort required to remediate this assessment

HIGH = 'High'¶

LOW = 'Low'¶

MODERATE = 'Moderate'¶

class azure.mgmt.security.models.InformationProtectionKeyword(*, pattern: Optional[str] = None, custom: Optional[bool] = None, can_be_numeric: Optional[bool] = None, excluded: Optional[bool] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

The information type keyword.

Parameters

pattern (str) – The keyword pattern.
custom (bool) – Indicates whether the keyword is custom or not.
can_be_numeric (bool) – Indicates whether the keyword can be applied on numeric types or not.
excluded (bool) – Indicates whether the keyword is excluded or not.

class azure.mgmt.security.models.InformationProtectionPolicy(*, labels: Optional[Dict[str, azure.mgmt.security.models._models_py3.SensitivityLabel]] = None, information_types: Optional[Dict[str, azure.mgmt.security.models._models_py3.InformationType]] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Information protection policy.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
last_modified_utc (datetime) – Describes the last UTC time the policy was modified.
version (str) – Describes the version of the policy.

Parameters

labels (dict[str, SensitivityLabel]) – Dictionary of sensitivity labels.
information_types (dict[str, InformationType]) – The sensitivity information types.

class azure.mgmt.security.models.InformationProtectionPolicyList(*, value: Optional[List[azure.mgmt.security.models._models_py3.InformationProtectionPolicy]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Information protection policies response.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters: value (list[InformationProtectionPolicy]) – List of information protection policies.
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.InformationType(*, display_name: Optional[str] = None, description: Optional[str] = None, order: Optional[int] = None, recommended_label_id: Optional[str] = None, enabled: Optional[bool] = None, custom: Optional[bool] = None, keywords: Optional[List[azure.mgmt.security.models._models_py3.InformationProtectionKeyword]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

The information type.

Parameters

display_name (str) – The name of the information type.
description (str) – The description of the information type.
order (int) – The order of the information type.
recommended_label_id (str) – The recommended label id to be associated with this information type.
enabled (bool) – Indicates whether the information type is enabled or not.
custom (bool) – Indicates whether the information type is custom or not.
keywords (list[InformationProtectionKeyword]) – The information type keywords.

class azure.mgmt.security.models.IngestionConnectionString(**kwargs)[source]¶

Bases: msrest.serialization.Model

Connection string for ingesting security data and logs.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

location (str) – The region where ingested logs and data resides.
value (str) – Connection string value.

class azure.mgmt.security.models.IngestionSetting(*, properties: Optional[Any] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Configures how to correlate scan data and logs with resources associated with the subscription.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

properties (any) – Ingestion setting data.

class azure.mgmt.security.models.IngestionSettingList(**kwargs)[source]¶

Bases: msrest.serialization.Model

List of ingestion settings.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

value (list[IngestionSetting]) – List of ingestion settings.
next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.IngestionSettingToken(**kwargs)[source]¶

Bases: msrest.serialization.Model

Configures how to correlate scan data and logs with resources associated with the subscription.

Variables are only populated by the server, and will be ignored when sending a request.

Variables: token (str) – The token is used for correlating security data and logs with the resources in the subscription.

class azure.mgmt.security.models.Intent(value)[source]¶

Bases: str, enum.Enum

The kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center’s supported kill chain intents.

COLLECTION = 'Collection'¶: Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration.

COMMAND_AND_CONTROL = 'CommandAndControl'¶: The command and control tactic represents how adversaries communicate with systems under their control within a target network.

CREDENTIAL_ACCESS = 'CredentialAccess'¶: Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment.

DEFENSE_EVASION = 'DefenseEvasion'¶: Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses.

DISCOVERY = 'Discovery'¶: Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network.

EXECUTION = 'Execution'¶: The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system.

EXFILTRATION = 'Exfiltration'¶: Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network.

EXPLOITATION = 'Exploitation'¶: Exploitation is the stage where an attacker manages to get a foothold on the attacked resource. This stage is relevant for compute hosts and resources such as user accounts, certificates etc.

IMPACT = 'Impact'¶: Impact events primarily try to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process.

INITIAL_ACCESS = 'InitialAccess'¶: InitialAccess is the stage where an attacker manages to get foothold on the attacked resource.

LATERAL_MOVEMENT = 'LateralMovement'¶: Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems.

PERSISTENCE = 'Persistence'¶: Persistence is any access, action, or configuration change to a system that gives a threat actor a persistent presence on that system.

PRE_ATTACK = 'PreAttack'¶: PreAttack could be either an attempt to access a certain resource regardless of a malicious intent, or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt, originating from outside the network, to scan the target system and find a way in. Further details on the PreAttack stage can be read in MITRE Pre-Att&ck matrix.

PRIVILEGE_ESCALATION = 'PrivilegeEscalation'¶: Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network.

PROBING = 'Probing'¶: Probing could be either an attempt to access a certain resource regardless of a malicious intent, or a failed attempt to gain access to a target system to gather information prior to exploitation.

UNKNOWN = 'Unknown'¶: Unknown.

class azure.mgmt.security.models.IoTSecurityAggregatedAlert(*, tags: Optional[Dict[str, str]] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource, azure.mgmt.security.models._models_py3.TagsResource

Security Solution Aggregated Alert information.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters

tags (dict[str, str]) – A set of tags. Resource tags.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
alert_type (str) – Name of the alert type.
alert_display_name (str) – Display name of the alert type.
aggregated_date_utc (date) – Date of detection.
vendor_name (str) – Name of the organization that raised the alert.
reported_severity (str or ReportedSeverity) – Assessed alert severity. Possible values include: “Informational”, “Low”, “Medium”, “High”.
remediation_steps (str) – Recommended steps for remediation.
description (str) – Description of the suspected vulnerability and meaning.
count (long) – Number of alerts occurrences within the aggregated time window.
effected_resource_type (str) – Azure resource ID of the resource that received the alerts.
system_source (str) – The type of the alerted resource (Azure, Non-Azure).
action_taken (str) – IoT Security solution alert response.
log_analytics_query (str) – Log analytics query for getting the list of affected devices/alerts.
top_devices_list (list[IoTSecurityAggregatedAlertPropertiesTopDevicesListItem]) – 10 devices with the highest number of occurrences of this alert type, on this day.

class azure.mgmt.security.models.IoTSecurityAggregatedAlertList(*, value: List[azure.mgmt.security.models._models_py3.IoTSecurityAggregatedAlert], **kwargs)[source]¶

Bases: msrest.serialization.Model

List of IoT Security solution aggregated alert data.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters: value (list[IoTSecurityAggregatedAlert]) – Required. List of aggregated alerts data.
Variables: next_link (str) – When there is too much alert data for one page, use this URI to fetch the next page.

class azure.mgmt.security.models.IoTSecurityAggregatedAlertPropertiesTopDevicesListItem(**kwargs)[source]¶

Bases: msrest.serialization.Model

IoTSecurityAggregatedAlertPropertiesTopDevicesListItem.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

device_id (str) – Name of the device.
alerts_count (long) – Number of alerts raised for this device.
last_occurrence (str) – Most recent time this alert was raised for this device, on this day.

class azure.mgmt.security.models.IoTSecurityAggregatedRecommendation(*, tags: Optional[Dict[str, str]] = None, recommendation_name: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource, azure.mgmt.security.models._models_py3.TagsResource

IoT Security solution recommendation information.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters

tags (dict[str, str]) – A set of tags. Resource tags.
recommendation_name (str) – Name of the recommendation.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
recommendation_display_name (str) – Display name of the recommendation type.
description (str) – Description of the suspected vulnerability and meaning.
recommendation_type_id (str) – Recommendation-type GUID.
detected_by (str) – Name of the organization that made the recommendation.
remediation_steps (str) – Recommended steps for remediation.
reported_severity (str or ReportedSeverity) – Assessed recommendation severity. Possible values include: “Informational”, “Low”, “Medium”, “High”.
healthy_devices (long) – Number of healthy devices within the IoT Security solution.
unhealthy_device_count (long) – Number of unhealthy devices within the IoT Security solution.
log_analytics_query (str) – Log analytics query for getting the list of affected devices/alerts.

class azure.mgmt.security.models.IoTSecurityAggregatedRecommendationList(*, value: List[azure.mgmt.security.models._models_py3.IoTSecurityAggregatedRecommendation], **kwargs)[source]¶

Bases: msrest.serialization.Model

List of IoT Security solution aggregated recommendations.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters: value (list[IoTSecurityAggregatedRecommendation]) – Required. List of aggregated recommendations data.
Variables: next_link (str) – When there is too much alert data for one page, use this URI to fetch the next page.

class azure.mgmt.security.models.IoTSecurityAlertedDevice(**kwargs)[source]¶

Bases: msrest.serialization.Model

Statistical information about the number of alerts per device during last set number of days.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

device_id (str) – Device identifier.
alerts_count (long) – Number of alerts raised for this device.

class azure.mgmt.security.models.IoTSecurityDeviceAlert(**kwargs)[source]¶

Bases: msrest.serialization.Model

Statistical information about the number of alerts per alert type during last set number of days.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

alert_display_name (str) – Display name of the alert.
reported_severity (str or ReportedSeverity) – Assessed Alert severity. Possible values include: “Informational”, “Low”, “Medium”, “High”.
alerts_count (long) – Number of alerts raised for this alert type.

class azure.mgmt.security.models.IoTSecurityDeviceRecommendation(**kwargs)[source]¶

Bases: msrest.serialization.Model

Statistical information about the number of recommendations per device, per recommendation type.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

recommendation_display_name (str) – Display name of the recommendation.
reported_severity (str or ReportedSeverity) – Assessed recommendation severity. Possible values include: “Informational”, “Low”, “Medium”, “High”.
devices_count (long) – Number of devices with this recommendation.

class azure.mgmt.security.models.IoTSecuritySolutionAnalyticsModel(*, top_alerted_devices: Optional[List[azure.mgmt.security.models._models_py3.IoTSecurityAlertedDevice]] = None, most_prevalent_device_alerts: Optional[List[azure.mgmt.security.models._models_py3.IoTSecurityDeviceAlert]] = None, most_prevalent_device_recommendations: Optional[List[azure.mgmt.security.models._models_py3.IoTSecurityDeviceRecommendation]] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Security analytics of your IoT Security solution.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
metrics (IoTSeverityMetrics) – Security analytics of your IoT Security solution.
unhealthy_device_count (long) – Number of unhealthy devices within your IoT Security solution.
devices_metrics (list[IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem]) – List of device metrics by the aggregation date.

Parameters

top_alerted_devices (list[IoTSecurityAlertedDevice]) – List of the 3 devices with the most alerts.
most_prevalent_device_alerts (list[IoTSecurityDeviceAlert]) – List of the 3 most prevalent device alerts.
most_prevalent_device_recommendations (list[IoTSecurityDeviceRecommendation]) – List of the 3 most prevalent device recommendations.

class azure.mgmt.security.models.IoTSecuritySolutionAnalyticsModelList(*, value: List[azure.mgmt.security.models._models_py3.IoTSecuritySolutionAnalyticsModel], **kwargs)[source]¶

Bases: msrest.serialization.Model

List of Security analytics of your IoT Security solution.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters: value (list[IoTSecuritySolutionAnalyticsModel]) – Required. List of Security analytics of your IoT Security solution.
Variables: next_link (str) – When there is too much alert data for one page, use this URI to fetch the next page.

class azure.mgmt.security.models.IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem(*, date: Optional[datetime.datetime] = None, devices_metrics: Optional[azure.mgmt.security.models._models_py3.IoTSeverityMetrics] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem.

Parameters

date (datetime) – Aggregation of IoT Security solution device alert metrics by date.
devices_metrics (IoTSeverityMetrics) – Device alert count by severity.

class azure.mgmt.security.models.IoTSecuritySolutionModel(*, tags: Optional[Dict[str, str]] = None, location: Optional[str] = None, workspace: Optional[str] = None, display_name: Optional[str] = None, status: Optional[str] = 'Enabled', export: Optional[List[str]] = None, disabled_data_sources: Optional[List[str]] = None, iot_hubs: Optional[List[str]] = None, user_defined_resources: Optional[azure.mgmt.security.models._models_py3.UserDefinedResourcesProperties] = None, recommendations_configuration: Optional[List[azure.mgmt.security.models._models_py3.RecommendationConfigurationProperties]] = None, unmasked_ip_logging_status: Optional[str] = 'Disabled', additional_workspaces: Optional[List[azure.mgmt.security.models._models_py3.AdditionalWorkspacesProperties]] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource, azure.mgmt.security.models._models_py3.TagsResource

IoT Security solution configuration and resource information.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters

tags (dict[str, str]) – A set of tags. Resource tags.
location (str) – The resource location.
workspace (str) – Workspace resource ID.
display_name (str) – Resource display name.
status (str or SecuritySolutionStatus) – Status of the IoT Security solution. Possible values include: “Enabled”, “Disabled”. Default value: “Enabled”.
export (list[str or ExportData]) – List of additional options for exporting to workspace data.
disabled_data_sources (list[str or DataSource]) – Disabled data sources. Disabling these data sources compromises the system.
iot_hubs (list[str]) – IoT Hub resource IDs.
user_defined_resources (UserDefinedResourcesProperties) – Properties of the IoT Security solution’s user defined resources.
recommendations_configuration (list[RecommendationConfigurationProperties]) – List of the configuration status for each recommendation type.
unmasked_ip_logging_status (str or UnmaskedIpLoggingStatus) – Unmasked IP address logging status. Possible values include: “Disabled”, “Enabled”. Default value: “Disabled”.
additional_workspaces (list[AdditionalWorkspacesProperties]) – List of additional workspaces.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
system_data (SystemData) – Azure Resource Manager metadata containing createdBy and modifiedBy information.
auto_discovered_resources (list[str]) – List of resources that were automatically discovered as relevant to the security solution.

class azure.mgmt.security.models.IoTSecuritySolutionsList(*, value: List[azure.mgmt.security.models._models_py3.IoTSecuritySolutionModel], **kwargs)[source]¶

Bases: msrest.serialization.Model

List of IoT Security solutions.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters: value (list[IoTSecuritySolutionModel]) – Required. List of IoT Security solutions.
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.IoTSeverityMetrics(*, high: Optional[int] = None, medium: Optional[int] = None, low: Optional[int] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

IoT Security solution analytics severity metrics.

Parameters

high (long) – Count of high severity alerts/recommendations.
medium (long) – Count of medium severity alerts/recommendations.
low (long) – Count of low severity alerts/recommendations.

class azure.mgmt.security.models.JitNetworkAccessPoliciesList(*, value: Optional[List[azure.mgmt.security.models._models_py3.JitNetworkAccessPolicy]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

JitNetworkAccessPoliciesList.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters: value (list[JitNetworkAccessPolicy]) –
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.JitNetworkAccessPolicy(*, virtual_machines: List[azure.mgmt.security.models._models_py3.JitNetworkAccessPolicyVirtualMachine], kind: Optional[str] = None, requests: Optional[List[azure.mgmt.security.models._models_py3.JitNetworkAccessRequest]] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource, azure.mgmt.security.models._models_py3.Kind, azure.mgmt.security.models._models_py3.Location

JitNetworkAccessPolicy.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

location (str) – Location where the resource is stored.
id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
provisioning_state (str) – Gets the provisioning state of the Just-in-Time policy.

Parameters

kind (str) – Kind of the resource.
virtual_machines (list[JitNetworkAccessPolicyVirtualMachine]) – Required. Configurations for Microsoft.Compute/virtualMachines resource type.
requests (list[JitNetworkAccessRequest]) –

class azure.mgmt.security.models.JitNetworkAccessPolicyInitiatePort(*, number: int, end_time_utc: datetime.datetime, allowed_source_address_prefix: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

JitNetworkAccessPolicyInitiatePort.

All required parameters must be populated in order to send to Azure.

Parameters

number (int) – Required.
allowed_source_address_prefix (str) – Source of the allowed traffic. If omitted, the request will be for the source IP address of the initiate request.
end_time_utc (datetime) – Required. The time to close the request in UTC.

class azure.mgmt.security.models.JitNetworkAccessPolicyInitiateRequest(*, virtual_machines: List[azure.mgmt.security.models._models_py3.JitNetworkAccessPolicyInitiateVirtualMachine], justification: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

JitNetworkAccessPolicyInitiateRequest.

All required parameters must be populated in order to send to Azure.

Parameters

virtual_machines (list[JitNetworkAccessPolicyInitiateVirtualMachine]) – Required. A list of virtual machines & ports to open access for.
justification (str) – The justification for making the initiate request.

class azure.mgmt.security.models.JitNetworkAccessPolicyInitiateVirtualMachine(*, id: str, ports: List[azure.mgmt.security.models._models_py3.JitNetworkAccessPolicyInitiatePort], **kwargs)[source]¶

Bases: msrest.serialization.Model

JitNetworkAccessPolicyInitiateVirtualMachine.

All required parameters must be populated in order to send to Azure.

Parameters

id (str) – Required. Resource ID of the virtual machine that is linked to this policy.
ports (list[JitNetworkAccessPolicyInitiatePort]) – Required. The ports to open for the resource with the id.

class azure.mgmt.security.models.JitNetworkAccessPolicyVirtualMachine(*, id: str, ports: List[azure.mgmt.security.models._models_py3.JitNetworkAccessPortRule], public_ip_address: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

JitNetworkAccessPolicyVirtualMachine.

All required parameters must be populated in order to send to Azure.

Parameters

id (str) – Required. Resource ID of the virtual machine that is linked to this policy.
ports (list[JitNetworkAccessPortRule]) – Required. Port configurations for the virtual machine.
public_ip_address (str) – Public IP address of the Azure Firewall that is linked to this policy, if applicable.

class azure.mgmt.security.models.JitNetworkAccessPortRule(*, number: int, protocol: str, max_request_access_duration: str, allowed_source_address_prefix: Optional[str] = None, allowed_source_address_prefixes: Optional[List[str]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

JitNetworkAccessPortRule.

All required parameters must be populated in order to send to Azure.

Parameters

number (int) – Required.
protocol (str or ProtocolEnum) – Required. Possible values include: “TCP”, “UDP”, “*”.
allowed_source_address_prefix (str) – Mutually exclusive with the “allowedSourceAddressPrefixes” parameter. Should be an IP address or CIDR, for example “192.168.0.3” or “192.168.0.0/16”.
allowed_source_address_prefixes (list[str]) – Mutually exclusive with the “allowedSourceAddressPrefix” parameter.
max_request_access_duration (str) – Required. Maximum duration requests can be made for. In ISO 8601 duration format. Minimum 5 minutes, maximum 1 day.

class azure.mgmt.security.models.JitNetworkAccessRequest(*, virtual_machines: List[azure.mgmt.security.models._models_py3.JitNetworkAccessRequestVirtualMachine], start_time_utc: datetime.datetime, requestor: str, justification: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

JitNetworkAccessRequest.

All required parameters must be populated in order to send to Azure.

Parameters

virtual_machines (list[JitNetworkAccessRequestVirtualMachine]) – Required.
start_time_utc (datetime) – Required. The start time of the request in UTC.
requestor (str) – Required. The identity of the person who made the request.
justification (str) – The justification for making the initiate request.

class azure.mgmt.security.models.JitNetworkAccessRequestPort(*, number: int, end_time_utc: datetime.datetime, status: str, status_reason: str, allowed_source_address_prefix: Optional[str] = None, allowed_source_address_prefixes: Optional[List[str]] = None, mapped_port: Optional[int] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

JitNetworkAccessRequestPort.

All required parameters must be populated in order to send to Azure.

Parameters

number (int) – Required.
allowed_source_address_prefix (str) – Mutually exclusive with the “allowedSourceAddressPrefixes” parameter. Should be an IP address or CIDR, for example “192.168.0.3” or “192.168.0.0/16”.
allowed_source_address_prefixes (list[str]) – Mutually exclusive with the “allowedSourceAddressPrefix” parameter.
end_time_utc (datetime) – Required. The date & time at which the request ends in UTC.
status (str or Status) – Required. The status of the port. Possible values include: “Revoked”, “Initiated”.
status_reason (str or StatusReason) – Required. A description of why the status has its value. Possible values include: “Expired”, “UserRequested”, “NewerRequestInitiated”.
mapped_port (int) – The port which is mapped to this port’s number in the Azure Firewall, if applicable.

class azure.mgmt.security.models.JitNetworkAccessRequestVirtualMachine(*, id: str, ports: List[azure.mgmt.security.models._models_py3.JitNetworkAccessRequestPort], **kwargs)[source]¶

Bases: msrest.serialization.Model

JitNetworkAccessRequestVirtualMachine.

All required parameters must be populated in order to send to Azure.

Parameters

id (str) – Required. Resource ID of the virtual machine that is linked to this policy.
ports (list[JitNetworkAccessRequestPort]) – Required. The ports that were opened for the virtual machine.

class azure.mgmt.security.models.Kind(*, kind: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Describes an Azure resource with kind.

Parameters: kind (str) – Kind of the resource.

class azure.mgmt.security.models.KindEnum(value)[source]¶

Bases: str, enum.Enum

The kind of alert simulation.

BUNDLES = 'Bundles'¶: Simulate alerts according to bundles.

class azure.mgmt.security.models.ListCustomAlertRule(*, is_enabled: bool, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.CustomAlertRule

A List custom alert rule.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: AllowlistCustomAlertRule, DenylistCustomAlertRule.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.
value_type (str or ValueType) – The value type of the items in the list. Possible values include: “IpCidr”, “String”.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.

class azure.mgmt.security.models.LocalUserNotAllowed(*, is_enabled: bool, allowlist_values: List[str], **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.AllowlistCustomAlertRule

Login by a local user that isn’t allowed. Allow list consists of login names to allow.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.
value_type (str or ValueType) – The value type of the items in the list. Possible values include: “IpCidr”, “String”.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
allowlist_values (list[str]) – Required. The values to allow. The format of the values depends on the rule type.

class azure.mgmt.security.models.Location(**kwargs)[source]¶

Bases: msrest.serialization.Model

Describes an Azure resource with location.

Variables are only populated by the server, and will be ignored when sending a request.

Variables: location (str) – Location where the resource is stored.

class azure.mgmt.security.models.LogAnalyticsIdentifier(**kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.ResourceIdentifier

Represents a Log Analytics workspace scope identifier.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters

type (str or ResourceIdentifierType) – Required. There can be multiple identifiers of different type per alert, this field specify the identifier type.Constant filled by server. Possible values include: “AzureResource”, “LogAnalytics”.

Variables

workspace_id (str) – The LogAnalytics workspace id that stores this alert.
workspace_subscription_id (str) – The azure subscription id for the LogAnalytics workspace storing this alert.
workspace_resource_group (str) – The azure resource group for the LogAnalytics workspace storing this alert.
agent_id (str) – (optional) The LogAnalytics agent id reporting the event that this alert is based on.

class azure.mgmt.security.models.MqttC2DMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of cloud to device messages (MQTT protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.MqttC2DRejectedMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of rejected cloud to device messages (MQTT protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.MqttD2CMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of device to cloud messages (MQTT protocol) is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.OnPremiseResourceDetails(*, workspace_id: str, vmuuid: str, source_computer_id: str, machine_name: str, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.ResourceDetails

Details of the On Premise resource that was assessed.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: OnPremiseSqlResourceDetails.

All required parameters must be populated in order to send to Azure.

Parameters

source (str or Source) – Required. The platform where the assessed resource resides.Constant filled by server. Possible values include: “Azure”, “OnPremise”, “OnPremiseSql”.
workspace_id (str) – Required. Azure resource Id of the workspace the machine is attached to.
vmuuid (str) – Required. The unique Id of the machine.
source_computer_id (str) – Required. The oms agent Id installed on the machine.
machine_name (str) – Required. The name of the machine.

class azure.mgmt.security.models.OnPremiseSqlResourceDetails(*, workspace_id: str, vmuuid: str, source_computer_id: str, machine_name: str, server_name: str, database_name: str, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.OnPremiseResourceDetails

Details of the On Premise Sql resource that was assessed.

All required parameters must be populated in order to send to Azure.

Parameters

source (str or Source) – Required. The platform where the assessed resource resides.Constant filled by server. Possible values include: “Azure”, “OnPremise”, “OnPremiseSql”.
workspace_id (str) – Required. Azure resource Id of the workspace the machine is attached to.
vmuuid (str) – Required. The unique Id of the machine.
source_computer_id (str) – Required. The oms agent Id installed on the machine.
machine_name (str) – Required. The name of the machine.
server_name (str) – Required. The Sql server name installed on the machine.
database_name (str) – Required. The Sql database name installed on the machine.

class azure.mgmt.security.models.Operation(*, display: Optional[azure.mgmt.security.models._models_py3.OperationDisplay] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Possible operation in the REST API of Microsoft.Security.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

name (str) – Name of the operation.
origin (str) – Where the operation is originated.

Parameters

display (OperationDisplay) – Security operation display.

class azure.mgmt.security.models.OperationDisplay(**kwargs)[source]¶

Bases: msrest.serialization.Model

Security operation display.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

provider (str) – The resource provider for the operation.
resource (str) – The display name of the resource the operation applies to.
operation (str) – The display name of the security operation.
description (str) – The description of the operation.

class azure.mgmt.security.models.OperationList(*, value: Optional[List[azure.mgmt.security.models._models_py3.Operation]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

List of possible operations for Microsoft.Security resource provider.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters: value (list[Operation]) – List of Security operations.
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.Operator(value)[source]¶

Bases: str, enum.Enum

A valid comparer operator to use. A case-insensitive comparison will be applied for String PropertyType.

CONTAINS = 'Contains'¶: Applies only for non-decimal operands.

ENDS_WITH = 'EndsWith'¶: Applies only for non-decimal operands.

EQUALS = 'Equals'¶: Applies for decimal and non-decimal operands.

GREATER_THAN = 'GreaterThan'¶: Applies only for decimal operands.

GREATER_THAN_OR_EQUAL_TO = 'GreaterThanOrEqualTo'¶: Applies only for decimal operands.

LESSER_THAN = 'LesserThan'¶: Applies only for decimal operands.

LESSER_THAN_OR_EQUAL_TO = 'LesserThanOrEqualTo'¶: Applies only for decimal operands.

NOT_EQUALS = 'NotEquals'¶: Applies for decimal and non-decimal operands.

STARTS_WITH = 'StartsWith'¶: Applies only for non-decimal operands.

class azure.mgmt.security.models.PathRecommendation(*, path: Optional[str] = None, action: Optional[str] = None, type: Optional[str] = None, publisher_info: Optional[azure.mgmt.security.models._models_py3.PublisherInfo] = None, common: Optional[bool] = None, user_sids: Optional[List[str]] = None, usernames: Optional[List[azure.mgmt.security.models._models_py3.UserRecommendation]] = None, file_type: Optional[str] = None, configuration_status: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Represents a path that is recommended to be allowed and its properties.

Parameters

path (str) – The full path of the file, or an identifier of the application.
action (str or RecommendationAction) – The recommendation action of the machine or rule. Possible values include: “Recommended”, “Add”, “Remove”.
type (str or RecommendationType) – The type of IoT Security recommendation. Possible values include: “IoT_ACRAuthentication”, “IoT_AgentSendsUnutilizedMessages”, “IoT_Baseline”, “IoT_EdgeHubMemOptimize”, “IoT_EdgeLoggingOptions”, “IoT_InconsistentModuleSettings”, “IoT_InstallAgent”, “IoT_IPFilter_DenyAll”, “IoT_IPFilter_PermissiveRule”, “IoT_OpenPorts”, “IoT_PermissiveFirewallPolicy”, “IoT_PermissiveInputFirewallRules”, “IoT_PermissiveOutputFirewallRules”, “IoT_PrivilegedDockerOptions”, “IoT_SharedCredentials”, “IoT_VulnerableTLSCipherSuite”.
publisher_info (PublisherInfo) – Represents the publisher information of a process/rule.
common (bool) – Whether the application is commonly run on the machine.
user_sids (list[str]) –
usernames (list[UserRecommendation]) –
file_type (str or FileType) – The type of the file (for Linux files - Executable is used). Possible values include: “Exe”, “Dll”, “Msi”, “Script”, “Executable”, “Unknown”.
configuration_status (str or ConfigurationStatus) – The configuration status of the machines group or machine or rule. Possible values include: “Configured”, “NotConfigured”, “InProgress”, “Failed”, “NoStatus”.

class azure.mgmt.security.models.PermissionProperty(value)[source]¶

Bases: str, enum.Enum

A permission detected in the cloud account.

AWS_AMAZON_SSM_AUTOMATION_ROLE = 'AWS::AmazonSSMAutomationRole'¶: The permission provides for EC2 Automation service to execute activities defined within Automation documents.

AWS_AWS_SECURITY_HUB_READ_ONLY_ACCESS = 'AWS::AWSSecurityHubReadOnlyAccess'¶: This permission provides read only access to AWS Security Hub resources.

AWS_SECURITY_AUDIT = 'AWS::SecurityAudit'¶: This permission grants access to read security configuration metadata.

GCP_SECURITY_CENTER_ADMIN_VIEWER = 'GCP::Security Center Admin Viewer'¶: This permission provides read only access to GCP Security Command Center.

class azure.mgmt.security.models.Pricing(*, pricing_tier: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
free_trial_remaining_time (timedelta) – The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).

Parameters

pricing_tier (str or PricingTier) – The pricing tier value. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. Possible values include: “Free”, “Standard”.

class azure.mgmt.security.models.PricingList(*, value: List[azure.mgmt.security.models._models_py3.Pricing], **kwargs)[source]¶

Bases: msrest.serialization.Model

List of pricing configurations response.

All required parameters must be populated in order to send to Azure.

Parameters: value (list[Pricing]) – Required. List of pricing configurations.

class azure.mgmt.security.models.PricingTier(value)[source]¶

Bases: str, enum.Enum

The pricing tier value. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features.

FREE = 'Free'¶: Get free Azure security center experience with basic security features.

STANDARD = 'Standard'¶: Get the standard Azure security center experience with advanced security features.

class azure.mgmt.security.models.ProcessNotAllowed(*, is_enabled: bool, allowlist_values: List[str], **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.AllowlistCustomAlertRule

Execution of a process that isn’t allowed. Allow list consists of process names to allow.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.
value_type (str or ValueType) – The value type of the items in the list. Possible values include: “IpCidr”, “String”.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
allowlist_values (list[str]) – Required. The values to allow. The format of the values depends on the rule type.

class azure.mgmt.security.models.PropertyType(value)[source]¶

Bases: str, enum.Enum

The data type of the compared operands (string, integer, floating point number or a boolean [true/false]]

BOOLEAN = 'Boolean'¶

INTEGER = 'Integer'¶

NUMBER = 'Number'¶

STRING = 'String'¶

class azure.mgmt.security.models.ProtectionMode(*, exe: Optional[str] = None, msi: Optional[str] = None, script: Optional[str] = None, executable: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux.

Parameters

exe (str or EnforcementMode) – The application control policy enforcement/protection mode of the machine group. Possible values include: “Audit”, “Enforce”, “None”.
msi (str or EnforcementMode) – The application control policy enforcement/protection mode of the machine group. Possible values include: “Audit”, “Enforce”, “None”.
script (str or EnforcementMode) – The application control policy enforcement/protection mode of the machine group. Possible values include: “Audit”, “Enforce”, “None”.
executable (str or EnforcementMode) – The application control policy enforcement/protection mode of the machine group. Possible values include: “Audit”, “Enforce”, “None”.

class azure.mgmt.security.models.ProtocolEnum(value)[source]¶

Bases: str, enum.Enum

An enumeration.

ALL = '*'¶

TCP = 'TCP'¶

UDP = 'UDP'¶

class azure.mgmt.security.models.ProvisioningState(value)[source]¶

Bases: str, enum.Enum

The security family provisioning State

FAILED = 'Failed'¶

SUCCEEDED = 'Succeeded'¶

UPDATING = 'Updating'¶

class azure.mgmt.security.models.ProxyServerProperties(*, ip: Optional[str] = None, port: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

For a non-Azure machine that is not connected directly to the internet, specify a proxy server that the non-Azure machine can use.

Parameters

ip (str) – Proxy server IP.
port (str) – Proxy server port.

class azure.mgmt.security.models.PublisherInfo(*, publisher_name: Optional[str] = None, product_name: Optional[str] = None, binary_name: Optional[str] = None, version: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Represents the publisher information of a process/rule.

Parameters

publisher_name (str) – The Subject field of the x.509 certificate used to sign the code, using the following fields - O = Organization, L = Locality, S = State or Province, and C = Country.
product_name (str) – The product name taken from the file’s version resource.
binary_name (str) – The “OriginalName” field taken from the file’s version resource.
version (str) – The binary file version taken from the file’s version resource.

class azure.mgmt.security.models.QueryCheck(*, query: Optional[str] = None, expected_result: Optional[List[List[str]]] = None, column_names: Optional[List[str]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

The rule query details.

Parameters

query (str) – The rule query.
expected_result (list[list[str]]) – Expected result.
column_names (list[str]) – Column names of expected result.

class azure.mgmt.security.models.QueuePurgesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of device queue purges is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.Rank(value)[source]¶

Bases: str, enum.Enum

The rank of the sensitivity label.

CRITICAL = 'Critical'¶

HIGH = 'High'¶

LOW = 'Low'¶

MEDIUM = 'Medium'¶

NONE = 'None'¶

class azure.mgmt.security.models.RecommendationAction(value)[source]¶

Bases: str, enum.Enum

The recommendation action of the machine or rule

ADD = 'Add'¶

RECOMMENDED = 'Recommended'¶

REMOVE = 'Remove'¶

class azure.mgmt.security.models.RecommendationConfigStatus(value)[source]¶

Bases: str, enum.Enum

Recommendation status. When the recommendation status is disabled recommendations are not generated.

DISABLED = 'Disabled'¶

ENABLED = 'Enabled'¶

class azure.mgmt.security.models.RecommendationConfigurationProperties(*, recommendation_type: str, status: str = 'Enabled', **kwargs)[source]¶

Bases: msrest.serialization.Model

The type of IoT Security recommendation.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters

recommendation_type (str or RecommendationType) – Required. The type of IoT Security recommendation. Possible values include: “IoT_ACRAuthentication”, “IoT_AgentSendsUnutilizedMessages”, “IoT_Baseline”, “IoT_EdgeHubMemOptimize”, “IoT_EdgeLoggingOptions”, “IoT_InconsistentModuleSettings”, “IoT_InstallAgent”, “IoT_IPFilter_DenyAll”, “IoT_IPFilter_PermissiveRule”, “IoT_OpenPorts”, “IoT_PermissiveFirewallPolicy”, “IoT_PermissiveInputFirewallRules”, “IoT_PermissiveOutputFirewallRules”, “IoT_PrivilegedDockerOptions”, “IoT_SharedCredentials”, “IoT_VulnerableTLSCipherSuite”.
status (str or RecommendationConfigStatus) – Required. Recommendation status. When the recommendation status is disabled recommendations are not generated. Possible values include: “Disabled”, “Enabled”. Default value: “Enabled”.

Variables

name (str) –

class azure.mgmt.security.models.RecommendationStatus(value)[source]¶

Bases: str, enum.Enum

The initial recommendation status of the machine group or machine

NOT_AVAILABLE = 'NotAvailable'¶

NOT_RECOMMENDED = 'NotRecommended'¶

NO_STATUS = 'NoStatus'¶

RECOMMENDED = 'Recommended'¶

class azure.mgmt.security.models.RecommendationType(value)[source]¶

Bases: str, enum.Enum

The type of IoT Security recommendation.

IO_T_ACRAUTHENTICATION = 'IoT_ACRAuthentication'¶: Authentication schema used for pull an edge module from an ACR repository does not use Service Principal Authentication.

IO_T_AGENT_SENDS_UNUTILIZED_MESSAGES = 'IoT_AgentSendsUnutilizedMessages'¶: IoT agent message size capacity is currently underutilized, causing an increase in the number of sent messages. Adjust message intervals for better utilization.

IO_T_BASELINE = 'IoT_Baseline'¶: Identified security related system configuration issues.

IO_T_EDGE_HUB_MEM_OPTIMIZE = 'IoT_EdgeHubMemOptimize'¶: You can optimize Edge Hub memory usage by turning off protocol heads for any protocols not used by Edge modules in your solution.

IO_T_EDGE_LOGGING_OPTIONS = 'IoT_EdgeLoggingOptions'¶: Logging is disabled for this edge module.

IO_T_INCONSISTENT_MODULE_SETTINGS = 'IoT_InconsistentModuleSettings'¶: A minority within a device security group has inconsistent Edge Module settings with the rest of their group.

IO_T_INSTALL_AGENT = 'IoT_InstallAgent'¶: Install the Azure Security of Things Agent.

IO_T_IPFILTER_DENY_ALL = 'IoT_IPFilter_DenyAll'¶: IP Filter Configuration should have rules defined for allowed traffic and should deny all other traffic by default.

IO_T_IPFILTER_PERMISSIVE_RULE = 'IoT_IPFilter_PermissiveRule'¶: An Allow IP Filter rules source IP range is too large. Overly permissive rules might expose your IoT hub to malicious intenders.

IO_T_OPEN_PORTS = 'IoT_OpenPorts'¶: A listening endpoint was found on the device.

IO_T_PERMISSIVE_FIREWALL_POLICY = 'IoT_PermissiveFirewallPolicy'¶: An Allowed firewall policy was found (INPUT/OUTPUT). The policy should Deny all traffic by default and define rules to allow necessary communication to/from the device.

IO_T_PERMISSIVE_INPUT_FIREWALL_RULES = 'IoT_PermissiveInputFirewallRules'¶: A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.

IO_T_PERMISSIVE_OUTPUT_FIREWALL_RULES = 'IoT_PermissiveOutputFirewallRules'¶: A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.

IO_T_PRIVILEGED_DOCKER_OPTIONS = 'IoT_PrivilegedDockerOptions'¶: Edge module is configured to run in privileged mode, with extensive Linux capabilities or with host-level network access (send/receive data to host machine).

IO_T_SHARED_CREDENTIALS = 'IoT_SharedCredentials'¶: Same authentication credentials to the IoT Hub used by multiple devices. This could indicate an illegitimate device impersonating a legitimate device. It also exposes the risk of device impersonation by an attacker.

IO_T_VULNERABLE_TLS_CIPHER_SUITE = 'IoT_VulnerableTLSCipherSuite'¶: Insecure TLS configurations detected. Immediate upgrade recommended.

class azure.mgmt.security.models.RegulatoryComplianceAssessment(*, state: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Regulatory compliance assessment details and state.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
description (str) – The description of the regulatory compliance assessment.
assessment_type (str) – The expected type of assessment contained in the AssessmentDetailsLink.
assessment_details_link (str) – Link to more detailed assessment results data. The response type will be according to the assessmentType field.
passed_resources (int) – The given assessment’s related resources count with passed state.
failed_resources (int) – The given assessment’s related resources count with failed state.
skipped_resources (int) – The given assessment’s related resources count with skipped state.
unsupported_resources (int) – The given assessment’s related resources count with unsupported state.

Parameters

state (str or State) – Aggregative state based on the assessment’s scanned resources states. Possible values include: “Passed”, “Failed”, “Skipped”, “Unsupported”.

class azure.mgmt.security.models.RegulatoryComplianceAssessmentList(*, value: List[azure.mgmt.security.models._models_py3.RegulatoryComplianceAssessment], **kwargs)[source]¶

Bases: msrest.serialization.Model

List of regulatory compliance assessment response.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters: value (list[RegulatoryComplianceAssessment]) – Required.
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.RegulatoryComplianceControl(*, state: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Regulatory compliance control details and state.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
description (str) – The description of the regulatory compliance control.
passed_assessments (int) – The number of supported regulatory compliance assessments of the given control with a passed state.
failed_assessments (int) – The number of supported regulatory compliance assessments of the given control with a failed state.
skipped_assessments (int) – The number of supported regulatory compliance assessments of the given control with a skipped state.

Parameters

state (str or State) – Aggregative state based on the control’s supported assessments states. Possible values include: “Passed”, “Failed”, “Skipped”, “Unsupported”.

class azure.mgmt.security.models.RegulatoryComplianceControlList(*, value: List[azure.mgmt.security.models._models_py3.RegulatoryComplianceControl], **kwargs)[source]¶

Bases: msrest.serialization.Model

List of regulatory compliance controls response.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters: value (list[RegulatoryComplianceControl]) – Required. List of regulatory compliance controls.
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.RegulatoryComplianceStandard(*, state: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Regulatory compliance standard details and state.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
passed_controls (int) – The number of supported regulatory compliance controls of the given standard with a passed state.
failed_controls (int) – The number of supported regulatory compliance controls of the given standard with a failed state.
skipped_controls (int) – The number of supported regulatory compliance controls of the given standard with a skipped state.
unsupported_controls (int) – The number of regulatory compliance controls of the given standard which are unsupported by automated assessments.

Parameters

state (str or State) – Aggregative state based on the standard’s supported controls states. Possible values include: “Passed”, “Failed”, “Skipped”, “Unsupported”.

class azure.mgmt.security.models.RegulatoryComplianceStandardList(*, value: List[azure.mgmt.security.models._models_py3.RegulatoryComplianceStandard], **kwargs)[source]¶

Bases: msrest.serialization.Model

List of regulatory compliance standards response.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters: value (list[RegulatoryComplianceStandard]) – Required.
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.Remediation(*, description: Optional[str] = None, scripts: Optional[List[str]] = None, automated: Optional[bool] = None, portal_link: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Remediation details.

Parameters

description (str) – Remediation description.
scripts (list[str]) – Remediation script.
automated (bool) – Is remediation automated.
portal_link (str) – Optional link to remediate in Azure Portal.

class azure.mgmt.security.models.ReportedSeverity(value)[source]¶

Bases: str, enum.Enum

Assessed alert severity.

HIGH = 'High'¶

INFORMATIONAL = 'Informational'¶

LOW = 'Low'¶

MEDIUM = 'Medium'¶

class azure.mgmt.security.models.Resource(**kwargs)[source]¶

Bases: msrest.serialization.Model

Describes an Azure resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

class azure.mgmt.security.models.ResourceDetails(**kwargs)[source]¶

Bases: msrest.serialization.Model

Details of the resource that was assessed.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: AzureResourceDetails, OnPremiseResourceDetails.

All required parameters must be populated in order to send to Azure.

Parameters: source (str or Source) – Required. The platform where the assessed resource resides.Constant filled by server. Possible values include: “Azure”, “OnPremise”, “OnPremiseSql”.

class azure.mgmt.security.models.ResourceIdentifier(**kwargs)[source]¶

Bases: msrest.serialization.Model

A resource identifier for an alert which can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.).

You probably want to use the sub-classes and not this class directly. Known sub-classes are: AzureResourceIdentifier, LogAnalyticsIdentifier.

All required parameters must be populated in order to send to Azure.

Parameters: type (str or ResourceIdentifierType) – Required. There can be multiple identifiers of different type per alert, this field specify the identifier type.Constant filled by server. Possible values include: “AzureResource”, “LogAnalytics”.

class azure.mgmt.security.models.ResourceIdentifierType(value)[source]¶

Bases: str, enum.Enum

There can be multiple identifiers of different type per alert, this field specify the identifier type.

AZURE_RESOURCE = 'AzureResource'¶

LOG_ANALYTICS = 'LogAnalytics'¶

class azure.mgmt.security.models.ResourceStatus(value)[source]¶

Bases: str, enum.Enum

The status of the resource regarding a single assessment

HEALTHY = 'Healthy'¶: This assessment on the resource is healthy.

NOT_APPLICABLE = 'NotApplicable'¶: This assessment is not applicable to this resource.

NOT_HEALTHY = 'NotHealthy'¶: This assessment on the resource is not healthy.

OFF_BY_POLICY = 'OffByPolicy'¶: This assessment is turned off by policy on this subscription.

class azure.mgmt.security.models.Rule(*, name: Optional[str] = None, direction: Optional[str] = None, destination_port: Optional[int] = None, protocols: Optional[List[str]] = None, ip_addresses: Optional[List[str]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Describes remote addresses that is recommended to communicate with the Azure resource on some (Protocol, Port, Direction). All other remote addresses are recommended to be blocked.

Parameters

name (str) – The name of the rule.
direction (str or Direction) – The rule’s direction. Possible values include: “Inbound”, “Outbound”.
destination_port (int) – The rule’s destination port.
protocols (list[str or TransportProtocol]) – The rule’s transport protocols.
ip_addresses (list[str]) – The remote IP addresses that should be able to communicate with the Azure resource on the rule’s destination port and protocol.

class azure.mgmt.security.models.RuleResults(*, properties: Optional[azure.mgmt.security.models._models_py3.RuleResultsProperties] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Rule results.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

properties (RuleResultsProperties) – Rule results properties.

class azure.mgmt.security.models.RuleResultsInput(*, latest_scan: Optional[bool] = None, results: Optional[List[List[str]]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Rule results input.

Parameters

latest_scan (bool) – Take results from latest scan.
results (list[list[str]]) – Expected results to be inserted into the baseline. Leave this field empty it LatestScan == true.

class azure.mgmt.security.models.RuleResultsProperties(*, results: Optional[List[List[str]]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Rule results properties.

Parameters: results (list[list[str]]) – Expected results in the baseline.

class azure.mgmt.security.models.RuleSeverity(value)[source]¶

Bases: str, enum.Enum

The rule severity.

HIGH = 'High'¶: High.

INFORMATIONAL = 'Informational'¶: Informational.

LOW = 'Low'¶: Low.

MEDIUM = 'Medium'¶: Medium.

OBSOLETE = 'Obsolete'¶: Obsolete.

class azure.mgmt.security.models.RuleState(value)[source]¶

Bases: str, enum.Enum

Possible states of the rule

DISABLED = 'Disabled'¶

ENABLED = 'Enabled'¶

EXPIRED = 'Expired'¶

class azure.mgmt.security.models.RuleStatus(value)[source]¶

Bases: str, enum.Enum

The rule result status.

FINDING = 'Finding'¶: Finding.

INTERNAL_ERROR = 'InternalError'¶: InternalError.

NON_FINDING = 'NonFinding'¶: NonFinding.

class azure.mgmt.security.models.RuleType(value)[source]¶

Bases: str, enum.Enum

The rule type.

BASELINE_EXPECTED = 'BaselineExpected'¶: BaselineExpected.

BINARY = 'Binary'¶: Binary.

NEGATIVE_LIST = 'NegativeList'¶: NegativeList.

POSITIVE_LIST = 'PositiveList'¶: PositiveList.

class azure.mgmt.security.models.RulesResults(*, value: Optional[List[azure.mgmt.security.models._models_py3.RuleResults]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

A list of rules results.

Parameters: value (list[RuleResults]) – List of rule results.

class azure.mgmt.security.models.RulesResultsInput(*, latest_scan: Optional[bool] = None, results: Optional[Dict[str, List[List[str]]]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Rules results input.

Parameters

latest_scan (bool) – Take results from latest scan.
results (dict[str, list[list[str]]]) – Expected results to be inserted into the baseline. Leave this field empty it LatestScan == true.

class azure.mgmt.security.models.Scan(*, properties: Optional[azure.mgmt.security.models._models_py3.ScanProperties] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

A vulnerability assessment scan record.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

properties (ScanProperties) – A vulnerability assessment scan record properties.

class azure.mgmt.security.models.ScanProperties(*, trigger_type: Optional[str] = None, state: Optional[str] = None, server: Optional[str] = None, database: Optional[str] = None, sql_version: Optional[str] = None, start_time: Optional[datetime.datetime] = None, end_time: Optional[datetime.datetime] = None, high_severity_failed_rules_count: Optional[int] = None, medium_severity_failed_rules_count: Optional[int] = None, low_severity_failed_rules_count: Optional[int] = None, total_passed_rules_count: Optional[int] = None, total_failed_rules_count: Optional[int] = None, total_rules_count: Optional[int] = None, is_baseline_applied: Optional[bool] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

A vulnerability assessment scan record properties.

Parameters

trigger_type (str or ScanTriggerType) – The scan trigger type. Possible values include: “OnDemand”, “Recurring”.
state (str or ScanState) – The scan status. Possible values include: “Failed”, “FailedToRun”, “InProgress”, “Passed”.
server (str) – The server name.
database (str) – The database name.
sql_version (str) – The SQL version.
start_time (datetime) – The scan start time (UTC).
end_time (datetime) – Scan results are valid until end time (UTC).
high_severity_failed_rules_count (int) – The number of failed rules with high severity.
medium_severity_failed_rules_count (int) – The number of failed rules with medium severity.
low_severity_failed_rules_count (int) – The number of failed rules with low severity.
total_passed_rules_count (int) – The number of total passed rules.
total_failed_rules_count (int) – The number of total failed rules.
total_rules_count (int) – The number of total rules assessed.
is_baseline_applied (bool) – Baseline created for this database, and has one or more rules.

class azure.mgmt.security.models.ScanResult(*, properties: Optional[azure.mgmt.security.models._models_py3.ScanResultProperties] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

A vulnerability assessment scan result for a single rule.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

properties (ScanResultProperties) – A vulnerability assessment scan result properties for a single rule.

class azure.mgmt.security.models.ScanResultProperties(*, rule_id: Optional[str] = None, status: Optional[str] = None, is_trimmed: Optional[bool] = None, query_results: Optional[List[List[str]]] = None, remediation: Optional[azure.mgmt.security.models._models_py3.Remediation] = None, baseline_adjusted_result: Optional[azure.mgmt.security.models._models_py3.BaselineAdjustedResult] = None, rule_metadata: Optional[azure.mgmt.security.models._models_py3.VaRule] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

A vulnerability assessment scan result properties for a single rule.

Parameters

rule_id (str) – The rule Id.
status (str or RuleStatus) – The rule result status. Possible values include: “NonFinding”, “Finding”, “InternalError”.
is_trimmed (bool) – Indicated whether the results specified here are trimmed.
query_results (list[list[str]]) – The results of the query that was run.
remediation (Remediation) – Remediation details.
baseline_adjusted_result (BaselineAdjustedResult) – The rule result adjusted with baseline.
rule_metadata (VaRule) – vulnerability assessment rule metadata details.

class azure.mgmt.security.models.ScanResults(*, value: Optional[List[azure.mgmt.security.models._models_py3.ScanResult]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

A list of vulnerability assessment scan results.

Parameters: value (list[ScanResult]) – List of vulnerability assessment scan results.

class azure.mgmt.security.models.ScanState(value)[source]¶

Bases: str, enum.Enum

The scan status.

FAILED = 'Failed'¶: Failed.

FAILED_TO_RUN = 'FailedToRun'¶: FailedToRun.

IN_PROGRESS = 'InProgress'¶: InProgress.

PASSED = 'Passed'¶: Passed.

class azure.mgmt.security.models.ScanTriggerType(value)[source]¶

Bases: str, enum.Enum

The scan trigger type.

ON_DEMAND = 'OnDemand'¶: OnDemand.

RECURRING = 'Recurring'¶: Recurring.

class azure.mgmt.security.models.Scans(*, value: Optional[List[azure.mgmt.security.models._models_py3.Scan]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

A list of vulnerability assessment scan records.

Parameters: value (list[Scan]) – List of vulnerability assessment scan records.

class azure.mgmt.security.models.ScopeElement(*, additional_properties: Optional[Dict[str, Any]] = None, field: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

A more specific scope used to identify the alerts to suppress.

Parameters

additional_properties (dict[str, any]) – Unmatched properties from the message are deserialized to this collection.
field (str) – The alert entity type to suppress by.

class azure.mgmt.security.models.SecureScoreControlDefinitionItem(**kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Information about the security control.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
display_name (str) – User friendly display name of the control.
description (str) – User friendly description of the control.
max_score (int) – Maximum control score (0..10).
source (SecureScoreControlDefinitionSource) – Source object from which the control was created.
assessment_definitions (list[AzureResourceLink]) – Array of assessments metadata IDs that are included in this security control.

class azure.mgmt.security.models.SecureScoreControlDefinitionList(**kwargs)[source]¶

Bases: msrest.serialization.Model

List of security controls definition.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

value (list[SecureScoreControlDefinitionItem]) – Collection of security controls definition in this page.
next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.SecureScoreControlDefinitionSource(*, source_type: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

The type of the security control (For example, BuiltIn).

Parameters: source_type (str or ControlType) – The type of security control (for example, BuiltIn). Possible values include: “BuiltIn”, “Custom”.

class azure.mgmt.security.models.SecureScoreControlDetails(*, definition: Optional[azure.mgmt.security.models._models_py3.SecureScoreControlDefinitionItem] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Details of the security control, its score, and the health status of the relevant resources.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
display_name (str) – User friendly display name of the control.
healthy_resource_count (int) – Number of healthy resources in the control.
unhealthy_resource_count (int) – Number of unhealthy resources in the control.
not_applicable_resource_count (int) – Number of not applicable resources in the control.
weight (long) – The relative weight for this specific control in each of your subscriptions. Used when calculating an aggregated score for this control across all of your subscriptions.
max (int) – Maximum score available.
current (float) – Current score.
percentage (float) – Ratio of the current score divided by the maximum. Rounded to 4 digits after the decimal point.

Parameters

definition (SecureScoreControlDefinitionItem) – Information about the security control.

class azure.mgmt.security.models.SecureScoreControlList(**kwargs)[source]¶

Bases: msrest.serialization.Model

List of security controls.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

value (list[SecureScoreControlDetails]) – Collection of security controls in this page.
next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.SecureScoreControlScore(**kwargs)[source]¶

Bases: msrest.serialization.Model

Calculation result data.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

max (int) – Maximum control score (0..10).
current (float) – Actual score for the control = (achieved points / total points) * max score. if total points is zeroed, the return number is 0.00.
percentage (float) – Ratio of the current score divided by the maximum. Rounded to 4 digits after the decimal point.

class azure.mgmt.security.models.SecureScoreItem(**kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Secure score item data model.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
display_name (str) – The initiative’s name.
weight (long) – The relative weight for each subscription. Used when calculating an aggregated secure score for multiple subscriptions.
max (int) – Maximum score available.
current (float) – Current score.
percentage (float) – Ratio of the current score divided by the maximum. Rounded to 4 digits after the decimal point.

class azure.mgmt.security.models.SecureScoresList(**kwargs)[source]¶

Bases: msrest.serialization.Model

List of secure scores.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

value (list[SecureScoreItem]) – Collection of secure scores in this page.
next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.SecurityAssessment(*, resource_details: Optional[azure.mgmt.security.models._models_py3.ResourceDetails] = None, status: Optional[azure.mgmt.security.models._models_py3.AssessmentStatus] = None, additional_data: Optional[Dict[str, str]] = None, metadata: Optional[azure.mgmt.security.models._models_py3.SecurityAssessmentMetadataProperties] = None, partners_data: Optional[azure.mgmt.security.models._models_py3.SecurityAssessmentPartnerData] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Security assessment on a resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
display_name (str) – User friendly display name of the assessment.
links (AssessmentLinks) – Links relevant to the assessment.

Parameters

resource_details (ResourceDetails) – Details of the resource that was assessed.
status (AssessmentStatus) – The result of the assessment.
additional_data (dict[str, str]) – Additional data regarding the assessment.
metadata (SecurityAssessmentMetadataProperties) – Describes properties of an assessment metadata.
partners_data (SecurityAssessmentPartnerData) – Data regarding 3rd party partner integration.

class azure.mgmt.security.models.SecurityAssessmentList(**kwargs)[source]¶

Bases: msrest.serialization.Model

Page of a security assessments list.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

value (list[SecurityAssessment]) – Collection of security assessments in this page.
next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.SecurityAssessmentMetadata(*, display_name: Optional[str] = None, description: Optional[str] = None, remediation_description: Optional[str] = None, categories: Optional[List[str]] = None, severity: Optional[str] = None, user_impact: Optional[str] = None, implementation_effort: Optional[str] = None, threats: Optional[List[str]] = None, preview: Optional[bool] = None, assessment_type: Optional[str] = None, partner_data: Optional[azure.mgmt.security.models._models_py3.SecurityAssessmentMetadataPartnerData] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Security assessment metadata.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
policy_definition_id (str) – Azure resource ID of the policy definition that turns this assessment calculation on.

Parameters

display_name (str) – User friendly display name of the assessment.
description (str) – Human readable description of the assessment.
remediation_description (str) – Human readable description of what you should do to mitigate this security issue.
categories (list[str or Categories]) –
severity (str or Severity) – The severity level of the assessment. Possible values include: “Low”, “Medium”, “High”.
user_impact (str or UserImpact) – The user impact of the assessment. Possible values include: “Low”, “Moderate”, “High”.
implementation_effort (str or ImplementationEffort) – The implementation effort required to remediate this assessment. Possible values include: “Low”, “Moderate”, “High”.
threats (list[str or Threats]) –
preview (bool) – True if this assessment is in preview release status.
assessment_type (str or AssessmentType) – BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition. Possible values include: “BuiltIn”, “CustomPolicy”, “CustomerManaged”, “VerifiedPartner”.
partner_data (SecurityAssessmentMetadataPartnerData) – Describes the partner that created the assessment.

class azure.mgmt.security.models.SecurityAssessmentMetadataList(**kwargs)[source]¶

Bases: msrest.serialization.Model

List of security assessment metadata.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

value (list[SecurityAssessmentMetadata]) –
next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.SecurityAssessmentMetadataPartnerData(*, partner_name: str, secret: str, product_name: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Describes the partner that created the assessment.

All required parameters must be populated in order to send to Azure.

Parameters

partner_name (str) – Required. Name of the company of the partner.
product_name (str) – Name of the product of the partner that created the assessment.
secret (str) – Required. Secret to authenticate the partner and verify it created the assessment - write only.

class azure.mgmt.security.models.SecurityAssessmentMetadataProperties(*, display_name: str, severity: str, assessment_type: str, description: Optional[str] = None, remediation_description: Optional[str] = None, categories: Optional[List[str]] = None, user_impact: Optional[str] = None, implementation_effort: Optional[str] = None, threats: Optional[List[str]] = None, preview: Optional[bool] = None, partner_data: Optional[azure.mgmt.security.models._models_py3.SecurityAssessmentMetadataPartnerData] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Describes properties of an assessment metadata.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters

display_name (str) – Required. User friendly display name of the assessment.
description (str) – Human readable description of the assessment.
remediation_description (str) – Human readable description of what you should do to mitigate this security issue.
categories (list[str or Categories]) –
severity (str or Severity) – Required. The severity level of the assessment. Possible values include: “Low”, “Medium”, “High”.
user_impact (str or UserImpact) – The user impact of the assessment. Possible values include: “Low”, “Moderate”, “High”.
implementation_effort (str or ImplementationEffort) – The implementation effort required to remediate this assessment. Possible values include: “Low”, “Moderate”, “High”.
threats (list[str or Threats]) –
preview (bool) – True if this assessment is in preview release status.
assessment_type (str or AssessmentType) – Required. BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition. Possible values include: “BuiltIn”, “CustomPolicy”, “CustomerManaged”, “VerifiedPartner”.
partner_data (SecurityAssessmentMetadataPartnerData) – Describes the partner that created the assessment.

Variables

policy_definition_id (str) – Azure resource ID of the policy definition that turns this assessment calculation on.

class azure.mgmt.security.models.SecurityAssessmentPartnerData(*, partner_name: str, secret: str, **kwargs)[source]¶

Bases: msrest.serialization.Model

Data regarding 3rd party partner integration.

All required parameters must be populated in order to send to Azure.

Parameters

partner_name (str) – Required. Name of the company of the partner.
secret (str) – Required. secret to authenticate the partner - write only.

class azure.mgmt.security.models.SecurityContact(*, email: Optional[str] = None, phone: Optional[str] = None, alert_notifications: Optional[str] = None, alerts_to_admins: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Contact details for security issues.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

email (str) – The email of this security contact.
phone (str) – The phone number of this security contact.
alert_notifications (str or AlertNotifications) – Whether to send security alerts notifications to the security contact. Possible values include: “On”, “Off”.
alerts_to_admins (str or AlertsToAdmins) – Whether to send security alerts notifications to subscription admins. Possible values include: “On”, “Off”.

class azure.mgmt.security.models.SecurityContactList(**kwargs)[source]¶

Bases: msrest.serialization.Model

List of security contacts response.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

value (list[SecurityContact]) – List of security contacts.
next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.SecurityFamily(value)[source]¶

Bases: str, enum.Enum

The security family of the discovered solution

NGFW = 'Ngfw'¶

SAAS_WAF = 'SaasWaf'¶

VA = 'Va'¶

WAF = 'Waf'¶

class azure.mgmt.security.models.SecuritySolution(*, security_family: Optional[str] = None, provisioning_state: Optional[str] = None, template: Optional[str] = None, protection_status: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource, azure.mgmt.security.models._models_py3.Location

SecuritySolution.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

location (str) – Location where the resource is stored.
id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

security_family (str or SecurityFamily) – The security family of the security solution. Possible values include: “Waf”, “Ngfw”, “SaasWaf”, “Va”.
provisioning_state (str or ProvisioningState) – The security family provisioning State. Possible values include: “Succeeded”, “Failed”, “Updating”.
template (str) – The security solutions’ template.
protection_status (str) – The security solutions’ status.

class azure.mgmt.security.models.SecuritySolutionList(*, value: Optional[List[azure.mgmt.security.models._models_py3.SecuritySolution]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

SecuritySolutionList.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters: value (list[SecuritySolution]) –
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.SecuritySolutionStatus(value)[source]¶

Bases: str, enum.Enum

Status of the IoT Security solution.

DISABLED = 'Disabled'¶

ENABLED = 'Enabled'¶

class azure.mgmt.security.models.SecuritySolutionsReferenceData(*, security_family: str, alert_vendor_name: str, package_info_url: str, product_name: str, publisher: str, publisher_display_name: str, template: str, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource, azure.mgmt.security.models._models_py3.Location

SecuritySolutionsReferenceData.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

location (str) – Location where the resource is stored.
id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

security_family (str or SecurityFamily) – Required. The security family of the security solution. Possible values include: “Waf”, “Ngfw”, “SaasWaf”, “Va”.
alert_vendor_name (str) – Required. The security solutions’ vendor name.
package_info_url (str) – Required. The security solutions’ package info url.
product_name (str) – Required. The security solutions’ product name.
publisher (str) – Required. The security solutions’ publisher.
publisher_display_name (str) – Required. The security solutions’ publisher display name.
template (str) – Required. The security solutions’ template.

class azure.mgmt.security.models.SecuritySolutionsReferenceDataList(*, value: Optional[List[azure.mgmt.security.models._models_py3.SecuritySolutionsReferenceData]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

SecuritySolutionsReferenceDataList.

Parameters: value (list[SecuritySolutionsReferenceData]) –

class azure.mgmt.security.models.SecuritySubAssessment(*, status: Optional[azure.mgmt.security.models._models_py3.SubAssessmentStatus] = None, resource_details: Optional[azure.mgmt.security.models._models_py3.ResourceDetails] = None, additional_data: Optional[azure.mgmt.security.models._models_py3.AdditionalData] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Security sub-assessment on a resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
id_properties_id (str) – Vulnerability ID.
display_name (str) – User friendly display name of the sub-assessment.
remediation (str) – Information on how to remediate this sub-assessment.
impact (str) – Description of the impact of this sub-assessment.
category (str) – Category of the sub-assessment.
description (str) – Human readable description of the assessment status.
time_generated (datetime) – The date and time the sub-assessment was generated.

Parameters

status (SubAssessmentStatus) – Status of the sub-assessment.
resource_details (ResourceDetails) – Details of the resource that was assessed.
additional_data (AdditionalData) – Details of the sub-assessment.

class azure.mgmt.security.models.SecuritySubAssessmentList(**kwargs)[source]¶

Bases: msrest.serialization.Model

List of security sub-assessments.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

value (list[SecuritySubAssessment]) –
next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.SecurityTask(*, security_task_parameters: Optional[azure.mgmt.security.models._models_py3.SecurityTaskParameters] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Security task that we recommend to do in order to strengthen security.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
state (str) – State of the task (Active, Resolved etc.).
creation_time_utc (datetime) – The time this task was discovered in UTC.
last_state_change_time_utc (datetime) – The time this task’s details were last changed in UTC.
sub_state (str) – Additional data on the state of the task.

Parameters

security_task_parameters (SecurityTaskParameters) – Changing set of properties, depending on the task type that is derived from the name field.

class azure.mgmt.security.models.SecurityTaskList(**kwargs)[source]¶

Bases: msrest.serialization.Model

List of security task recommendations.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

value (list[SecurityTask]) –
next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.SecurityTaskParameters(*, additional_properties: Optional[Dict[str, Any]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Changing set of properties, depending on the task type that is derived from the name field.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters: additional_properties (dict[str, any]) – Unmatched properties from the message are deserialized to this collection.
Variables: name (str) – Name of the task type.

class azure.mgmt.security.models.SensitivityLabel(*, display_name: Optional[str] = None, description: Optional[str] = None, rank: Optional[str] = None, order: Optional[int] = None, enabled: Optional[bool] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

The sensitivity label.

Parameters

display_name (str) – The name of the sensitivity label.
description (str) – The description of the sensitivity label.
rank (str or Rank) – The rank of the sensitivity label. Possible values include: “None”, “Low”, “Medium”, “High”, “Critical”.
order (int) – The order of the sensitivity label.
enabled (bool) – Indicates whether the label is enabled or not.

class azure.mgmt.security.models.ServerVulnerabilityAssessment(**kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Describes the server vulnerability assessment details on a resource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
provisioning_state (str or ServerVulnerabilityAssessmentPropertiesProvisioningState) – The provisioningState of the vulnerability assessment capability on the VM. Possible values include: “Succeeded”, “Failed”, “Canceled”, “Provisioning”, “Deprovisioning”.

class azure.mgmt.security.models.ServerVulnerabilityAssessmentPropertiesProvisioningState(value)[source]¶

Bases: str, enum.Enum

The provisioningState of the vulnerability assessment capability on the VM

CANCELED = 'Canceled'¶

DEPROVISIONING = 'Deprovisioning'¶

FAILED = 'Failed'¶

PROVISIONING = 'Provisioning'¶

SUCCEEDED = 'Succeeded'¶

class azure.mgmt.security.models.ServerVulnerabilityAssessmentsList(*, value: Optional[List[azure.mgmt.security.models._models_py3.ServerVulnerabilityAssessment]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

List of server vulnerability assessments.

Parameters: value (list[ServerVulnerabilityAssessment]) –

class azure.mgmt.security.models.ServerVulnerabilityProperties(**kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.AdditionalData

Additional context fields for server vulnerability assessment.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters

assessed_resource_type (str or AssessedResourceType) – Required. Sub-assessment resource type.Constant filled by server. Possible values include: “SqlServerVulnerability”, “ContainerRegistryVulnerability”, “ServerVulnerability”.

Variables

type (str) – Vulnerability Type. e.g: Vulnerability, Potential Vulnerability, Information Gathered.
cvss (dict[str, CVSS]) – Dictionary from cvss version to cvss details object.
patchable (bool) – Indicates whether a patch is available or not.
cve (list[CVE]) – List of CVEs.
threat (str) – Threat name.
published_time (datetime) – Published time.
vendor_references (list[VendorReference]) –

class azure.mgmt.security.models.ServicePrincipalProperties(*, application_id: Optional[str] = None, secret: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Details of the service principal.

Parameters

application_id (str) – Application ID of service principal.
secret (str) – A secret string that the application uses to prove its identity, also can be referred to as application password (write only).

class azure.mgmt.security.models.Setting(**kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

The kind of the security setting.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: AlertSyncSettings, DataExportSettings.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

kind (str or SettingKind) – Required. the kind of the settings string.Constant filled by server. Possible values include: “DataExportSettings”, “AlertSuppressionSetting”, “AlertSyncSettings”.

class azure.mgmt.security.models.SettingKind(value)[source]¶

Bases: str, enum.Enum

the kind of the settings string

ALERT_SUPPRESSION_SETTING = 'AlertSuppressionSetting'¶

ALERT_SYNC_SETTINGS = 'AlertSyncSettings'¶

DATA_EXPORT_SETTINGS = 'DataExportSettings'¶

class azure.mgmt.security.models.SettingsList(*, value: Optional[List[azure.mgmt.security.models._models_py3.Setting]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Subscription settings list.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters: value (list[Setting]) – The settings list.
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.Severity(value)[source]¶

Bases: str, enum.Enum

The sub-assessment severity level

HIGH = 'High'¶

LOW = 'Low'¶

MEDIUM = 'Medium'¶

class azure.mgmt.security.models.Software(*, device_id: Optional[str] = None, os_platform: Optional[str] = None, vendor: Optional[str] = None, software_name: Optional[str] = None, version: Optional[str] = None, end_of_support_status: Optional[str] = None, end_of_support_date: Optional[str] = None, number_of_known_vulnerabilities: Optional[int] = None, first_seen_at: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Represents a software data.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

device_id (str) – Unique identifier for the virtual machine in the service.
os_platform (str) – Platform of the operating system running on the device.
vendor (str) – Name of the software vendor.
software_name (str) – Name of the software product.
version (str) – Version number of the software product.
end_of_support_status (str or EndOfSupportStatus) – End of support status. Possible values include: “None”, “noLongerSupported”, “versionNoLongerSupported”, “upcomingNoLongerSupported”, “upcomingVersionNoLongerSupported”.
end_of_support_date (str) – The end of support date in case the product is upcoming end of support.
number_of_known_vulnerabilities (int) – Number of weaknesses.
first_seen_at (str) – First time that the software was seen in the device.

class azure.mgmt.security.models.SoftwaresList(*, value: Optional[List[azure.mgmt.security.models._models_py3.Software]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Represents the software inventory of the virtual machine.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters: value (list[Software]) –
Variables: next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.Source(value)[source]¶

Bases: str, enum.Enum

The platform where the assessed resource resides

AZURE = 'Azure'¶: Resource is in Azure.

ON_PREMISE = 'OnPremise'¶: Resource in an on premise machine connected to Azure cloud.

ON_PREMISE_SQL = 'OnPremiseSql'¶: SQL Resource in an on premise machine connected to Azure cloud.

class azure.mgmt.security.models.SourceSystem(value)[source]¶

Bases: str, enum.Enum

The source type of the machine group

AZURE_APP_LOCKER = 'Azure_AppLocker'¶

AZURE_AUDIT_D = 'Azure_AuditD'¶

NONE = 'None'¶

NON_AZURE_APP_LOCKER = 'NonAzure_AppLocker'¶

NON_AZURE_AUDIT_D = 'NonAzure_AuditD'¶

class azure.mgmt.security.models.SqlServerVulnerabilityProperties(**kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.AdditionalData

Details of the resource that was assessed.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters

assessed_resource_type (str or AssessedResourceType) – Required. Sub-assessment resource type.Constant filled by server. Possible values include: “SqlServerVulnerability”, “ContainerRegistryVulnerability”, “ServerVulnerability”.

Variables

type (str) – The resource type the sub assessment refers to in its resource details.
query (str) – The T-SQL query that runs on your SQL database to perform the particular check.

class azure.mgmt.security.models.State(value)[source]¶

Bases: str, enum.Enum

Aggregative state based on the standard’s supported controls states

FAILED = 'Failed'¶: At least one supported regulatory compliance control in the given standard has a state of failed.

PASSED = 'Passed'¶: All supported regulatory compliance controls in the given standard have a passed state.

SKIPPED = 'Skipped'¶: All supported regulatory compliance controls in the given standard have a state of skipped.

UNSUPPORTED = 'Unsupported'¶: No supported regulatory compliance data for the given standard.

class azure.mgmt.security.models.Status(value)[source]¶

Bases: str, enum.Enum

The status of the port

INITIATED = 'Initiated'¶

REVOKED = 'Revoked'¶

class azure.mgmt.security.models.StatusReason(value)[source]¶

Bases: str, enum.Enum

A description of why the status has its value

EXPIRED = 'Expired'¶

NEWER_REQUEST_INITIATED = 'NewerRequestInitiated'¶

USER_REQUESTED = 'UserRequested'¶

class azure.mgmt.security.models.SubAssessmentStatus(**kwargs)[source]¶

Bases: msrest.serialization.Model

Status of the sub-assessment.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

code (str or SubAssessmentStatusCode) – Programmatic code for the status of the assessment. Possible values include: “Healthy”, “Unhealthy”, “NotApplicable”.
cause (str) – Programmatic code for the cause of the assessment status.
description (str) – Human readable description of the assessment status.
severity (str or Severity) – The sub-assessment severity level. Possible values include: “Low”, “Medium”, “High”.

class azure.mgmt.security.models.SubAssessmentStatusCode(value)[source]¶

Bases: str, enum.Enum

Programmatic code for the status of the assessment

HEALTHY = 'Healthy'¶: The resource is healthy.

NOT_APPLICABLE = 'NotApplicable'¶: Assessment for this resource did not happen.

UNHEALTHY = 'Unhealthy'¶: The resource has a security issue that needs to be addressed.

class azure.mgmt.security.models.SuppressionAlertsScope(*, all_of: List[azure.mgmt.security.models._models_py3.ScopeElement], **kwargs)[source]¶

Bases: msrest.serialization.Model

SuppressionAlertsScope.

All required parameters must be populated in order to send to Azure.

Parameters: all_of (list[ScopeElement]) – Required. All the conditions inside need to be true in order to suppress the alert.

class azure.mgmt.security.models.SystemData(*, created_by: Optional[str] = None, created_by_type: Optional[str] = None, created_at: Optional[datetime.datetime] = None, last_modified_by: Optional[str] = None, last_modified_by_type: Optional[str] = None, last_modified_at: Optional[datetime.datetime] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Metadata pertaining to creation and last modification of the resource.

Parameters

created_by (str) – The identity that created the resource.
created_by_type (str or CreatedByType) – The type of identity that created the resource. Possible values include: “User”, “Application”, “ManagedIdentity”, “Key”.
created_at (datetime) – The timestamp of resource creation (UTC).
last_modified_by (str) – The identity that last modified the resource.
last_modified_by_type (str or CreatedByType) – The type of identity that last modified the resource. Possible values include: “User”, “Application”, “ManagedIdentity”, “Key”.
last_modified_at (datetime) – The timestamp of resource last modification (UTC).

class azure.mgmt.security.models.Tags(*, tags: Optional[Dict[str, str]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

A list of key value pairs that describe the resource.

Parameters: tags (dict[str, str]) – A set of tags. A list of key value pairs that describe the resource.

class azure.mgmt.security.models.TagsResource(*, tags: Optional[Dict[str, str]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

A container holding only the Tags for a resource, allowing the user to update the tags.

Parameters: tags (dict[str, str]) – A set of tags. Resource tags.

class azure.mgmt.security.models.Threats(value)[source]¶

Bases: str, enum.Enum

Threats impact of the assessment

ACCOUNT_BREACH = 'accountBreach'¶

DATA_EXFILTRATION = 'dataExfiltration'¶

DATA_SPILLAGE = 'dataSpillage'¶

DENIAL_OF_SERVICE = 'denialOfService'¶

ELEVATION_OF_PRIVILEGE = 'elevationOfPrivilege'¶

MALICIOUS_INSIDER = 'maliciousInsider'¶

MISSING_COVERAGE = 'missingCoverage'¶

THREAT_RESISTANCE = 'threatResistance'¶

class azure.mgmt.security.models.ThresholdCustomAlertRule(*, is_enabled: bool, min_threshold: int, max_threshold: int, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.CustomAlertRule

A custom alert rule that checks if a value (depends on the custom alert type) is within the given range.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: TimeWindowCustomAlertRule.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.

class azure.mgmt.security.models.TimeWindowCustomAlertRule(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.ThresholdCustomAlertRule

A custom alert rule that checks if the number of activities (depends on the custom alert type) in a time window is within the given range.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: ActiveConnectionsNotInAllowedRange, AmqpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, FileUploadsNotInAllowedRange, HttpC2DMessagesNotInAllowedRange, HttpC2DRejectedMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, MqttC2DMessagesNotInAllowedRange, MqttC2DRejectedMessagesNotInAllowedRange, MqttD2CMessagesNotInAllowedRange, QueuePurgesNotInAllowedRange, TwinUpdatesNotInAllowedRange, UnauthorizedOperationsNotInAllowedRange.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.TopologyList(**kwargs)[source]¶

Bases: msrest.serialization.Model

TopologyList.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

value (list[TopologyResource]) –
next_link (str) – The URI to fetch the next page.

class azure.mgmt.security.models.TopologyResource(**kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource, azure.mgmt.security.models._models_py3.Location

TopologyResource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

location (str) – Location where the resource is stored.
id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.
calculated_date_time (datetime) – The UTC time on which the topology was calculated.
topology_resources (list[TopologySingleResource]) – Azure resources which are part of this topology resource.

class azure.mgmt.security.models.TopologySingleResource(**kwargs)[source]¶

Bases: msrest.serialization.Model

TopologySingleResource.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

resource_id (str) – Azure resource id.
severity (str) – The security severity of the resource.
recommendations_exist (bool) – Indicates if the resource has security recommendations.
network_zones (str) – Indicates the resource connectivity level to the Internet (InternetFacing, Internal ,etc.).
topology_score (int) – Score of the resource based on its security severity.
location (str) – The location of this resource.
parents (list[TopologySingleResourceParent]) – Azure resources connected to this resource which are in higher level in the topology view.
children (list[TopologySingleResourceChild]) – Azure resources connected to this resource which are in lower level in the topology view.

class azure.mgmt.security.models.TopologySingleResourceChild(**kwargs)[source]¶

Bases: msrest.serialization.Model

TopologySingleResourceChild.

Variables are only populated by the server, and will be ignored when sending a request.

Variables: resource_id (str) – Azure resource id which serves as child resource in topology view.

class azure.mgmt.security.models.TopologySingleResourceParent(**kwargs)[source]¶

Bases: msrest.serialization.Model

TopologySingleResourceParent.

Variables are only populated by the server, and will be ignored when sending a request.

Variables: resource_id (str) – Azure resource id which serves as parent resource in topology view.

class azure.mgmt.security.models.TrackedResource(*, tags: Optional[Dict[str, str]] = None, etag: Optional[str] = None, kind: Optional[str] = None, location: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource, azure.mgmt.security.models._models_py3.AzureTrackedResourceLocation, azure.mgmt.security.models._models_py3.Kind, azure.mgmt.security.models._models_py3.ETag, azure.mgmt.security.models._models_py3.Tags

Describes an Azure tracked resource.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters

tags (dict[str, str]) – A set of tags. A list of key value pairs that describe the resource.
etag (str) – Entity tag is used for comparing two or more entities from the same requested resource.
kind (str) – Kind of the resource.
location (str) – Location where the resource is stored.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

class azure.mgmt.security.models.TransportProtocol(value)[source]¶

Bases: str, enum.Enum

An enumeration.

TCP = 'TCP'¶

UDP = 'UDP'¶

class azure.mgmt.security.models.TwinUpdatesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of twin updates is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.UnauthorizedOperationsNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule

Number of unauthorized operations is not in allowed range.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

display_name (str) – The display name of the custom alert.
description (str) – The description of the custom alert.

Parameters

is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule.Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.

class azure.mgmt.security.models.UnmaskedIpLoggingStatus(value)[source]¶

Bases: str, enum.Enum

Unmasked IP address logging status

DISABLED = 'Disabled'¶: Unmasked IP logging is disabled.

ENABLED = 'Enabled'¶: Unmasked IP logging is enabled.

class azure.mgmt.security.models.UpdateIotSecuritySolutionData(*, tags: Optional[Dict[str, str]] = None, user_defined_resources: Optional[azure.mgmt.security.models._models_py3.UserDefinedResourcesProperties] = None, recommendations_configuration: Optional[List[azure.mgmt.security.models._models_py3.RecommendationConfigurationProperties]] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.TagsResource

UpdateIotSecuritySolutionData.

Parameters

tags (dict[str, str]) – A set of tags. Resource tags.
user_defined_resources (UserDefinedResourcesProperties) – Properties of the IoT Security solution’s user defined resources.
recommendations_configuration (list[RecommendationConfigurationProperties]) – List of the configuration status for each recommendation type.

class azure.mgmt.security.models.UserDefinedResourcesProperties(*, query: str, query_subscriptions: List[str], **kwargs)[source]¶

Bases: msrest.serialization.Model

Properties of the IoT Security solution’s user defined resources.

All required parameters must be populated in order to send to Azure.

Parameters

query (str) – Required. Azure Resource Graph query which represents the security solution’s user defined resources. Required to start with “where type != “Microsoft.Devices/IotHubs””.
query_subscriptions (list[str]) – Required. List of Azure subscription ids on which the user defined resources query should be executed.

class azure.mgmt.security.models.UserImpact(value)[source]¶

Bases: str, enum.Enum

The user impact of the assessment

HIGH = 'High'¶

LOW = 'Low'¶

MODERATE = 'Moderate'¶

class azure.mgmt.security.models.UserRecommendation(*, username: Optional[str] = None, recommendation_action: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Represents a user that is recommended to be allowed for a certain rule.

Parameters

username (str) – Represents a user that is recommended to be allowed for a certain rule.
recommendation_action (str or RecommendationAction) – The recommendation action of the machine or rule. Possible values include: “Recommended”, “Add”, “Remove”.

class azure.mgmt.security.models.VaRule(*, rule_id: Optional[str] = None, severity: Optional[str] = None, category: Optional[str] = None, rule_type: Optional[str] = None, title: Optional[str] = None, description: Optional[str] = None, rationale: Optional[str] = None, query_check: Optional[azure.mgmt.security.models._models_py3.QueryCheck] = None, benchmark_references: Optional[List[azure.mgmt.security.models._models_py3.BenchmarkReference]] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

vulnerability assessment rule metadata details.

Parameters

rule_id (str) – The rule Id.
severity (str or RuleSeverity) – The rule severity. Possible values include: “High”, “Medium”, “Low”, “Informational”, “Obsolete”.
category (str) – The rule category.
rule_type (str or RuleType) – The rule type. Possible values include: “Binary”, “BaselineExpected”, “PositiveList”, “NegativeList”.
title (str) – The rule title.
description (str) – The rule description.
rationale (str) – The rule rationale.
query_check (QueryCheck) – The rule query details.
benchmark_references (list[BenchmarkReference]) – The benchmark references.

class azure.mgmt.security.models.ValueType(value)[source]¶

Bases: str, enum.Enum

The value type of the items in the list.

IP_CIDR = 'IpCidr'¶: An IP range in CIDR format (e.g. ‘192.168.0.1/8’).

STRING = 'String'¶: Any string value.

class azure.mgmt.security.models.VendorReference(**kwargs)[source]¶

Bases: msrest.serialization.Model

Vendor reference.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

title (str) – Link title.
link (str) – Link url.

class azure.mgmt.security.models.VmRecommendation(*, configuration_status: Optional[str] = None, recommendation_action: Optional[str] = None, resource_id: Optional[str] = None, enforcement_support: Optional[str] = None, **kwargs)[source]¶

Bases: msrest.serialization.Model

Represents a machine that is part of a machine group.

Parameters

configuration_status (str or ConfigurationStatus) – The configuration status of the machines group or machine or rule. Possible values include: “Configured”, “NotConfigured”, “InProgress”, “Failed”, “NoStatus”.
recommendation_action (str or RecommendationAction) – The recommendation action of the machine or rule. Possible values include: “Recommended”, “Add”, “Remove”.
resource_id (str) – The full resource id of the machine.
enforcement_support (str or EnforcementSupport) – The machine supportability of Enforce feature. Possible values include: “Supported”, “NotSupported”, “Unknown”.

class azure.mgmt.security.models.WorkspaceSetting(*, workspace_id: Optional[str] = None, scope: Optional[str] = None, **kwargs)[source]¶

Bases: azure.mgmt.security.models._models_py3.Resource

Configures where to store the OMS agent data for workspaces under a scope.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

id (str) – Resource Id.
name (str) – Resource name.
type (str) – Resource type.

Parameters

workspace_id (str) – The full Azure ID of the workspace to save the data in.
scope (str) – All the VMs in this scope will send their security data to the mentioned workspace unless overridden by a setting with more specific scope.

class azure.mgmt.security.models.WorkspaceSettingList(*, value: List[azure.mgmt.security.models._models_py3.WorkspaceSetting], **kwargs)[source]¶

Bases: msrest.serialization.Model

List of workspace settings response.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters: value (list[WorkspaceSetting]) – Required. List of workspace settings.
Variables: next_link (str) – The URI to fetch the next page.