azure.mgmt.security.models module
- class azure.mgmt.security.models.AadConnectivityState(*, connectivity_state: Optional[str] = None, **kwargs)
Bases: msrest.serialization.Model
Describes an Azure resource with kind.
- Parameters
connectivity_state (str or AadConnectivityStateEnum) – The connectivity state of the external AAD solution. Possible values include: “Discovered”, “NotLicensed”, “Connected”.
- class azure.mgmt.security.models.AadConnectivityStateEnum(value)
The connectivity state of the external AAD solution.
- CONNECTED = 'Connected'
- DISCOVERED = 'Discovered'
- NOT_LICENSED = 'NotLicensed'
- class azure.mgmt.security.models.AadExternalSecuritySolution(*, kind: Optional[str] = None, properties: Optional[azure.mgmt.security.models._models_py3.AadSolutionProperties] = None, **kwargs)
Bases: azure.mgmt.security.models._models_py3.ExternalSecuritySolution
Represents an AAD identity protection solution which sends logs to an OMS workspace.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
kind (str or ExternalSecuritySolutionKindEnum) – The kind of the external solution. Possible values include: “CEF”, “ATA”, “AAD”.
properties (AadSolutionProperties) – The external security solution properties for AAD solutions.
- Variables
- class azure.mgmt.security.models.AadSolutionProperties(*, connectivity_state: Optional[str] = None, additional_properties: Optional[Dict[str, Any]] = None, device_vendor: Optional[str] = None, device_type: Optional[str] = None, workspace: Optional[azure.mgmt.security.models._models_py3.ConnectedWorkspace] = None, **kwargs)
Bases: azure.mgmt.security.models._models_py3.ExternalSecuritySolutionProperties, azure.mgmt.security.models._models_py3.AadConnectivityState
The external security solution properties for AAD solutions.
- Parameters
connectivity_state (str or AadConnectivityStateEnum) – The connectivity state of the external AAD solution. Possible values include: “Discovered”, “NotLicensed”, “Connected”.
additional_properties (dict[str, any]) – Unmatched properties from the message are deserialized to this collection.
device_vendor (str) –
device_type (str) –
workspace (ConnectedWorkspace) – Represents an OMS workspace to which the solution is connected.
- class azure.mgmt.security.models.ActionType(value)
The type of the action that will be triggered by the Automation.
- EVENT_HUB = 'EventHub'
- LOGIC_APP = 'LogicApp'
- WORKSPACE = 'Workspace'
- class azure.mgmt.security.models.ActiveConnectionsNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)
Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule
Number of active connections is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in ISO8601 format.
- class azure.mgmt.security.models.AdaptiveApplicationControlGroup(*, enforcement_mode: Optional[str] = None, protection_mode: Optional[azure.mgmt.security.models._models_py3.ProtectionMode] = None, vm_recommendations: Optional[List[azure.mgmt.security.models._models_py3.VmRecommendation]] = None, path_recommendations: Optional[List[azure.mgmt.security.models._models_py3.PathRecommendation]] = None, **kwargs)
Bases: azure.mgmt.security.models._models_py3.Resource, azure.mgmt.security.models._models_py3.Location
AdaptiveApplicationControlGroup.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
location (str) – Location where the resource is stored.
name (str) – Resource name.
configuration_status (str or ConfigurationStatus) – The configuration status of the machine group, machine, or rule. Possible values include: “Configured”, “NotConfigured”, “InProgress”, “Failed”, “NoStatus”.
recommendation_status (str or RecommendationStatus) – The initial recommendation status of the machine group or machine. Possible values include: “Recommended”, “NotRecommended”, “NotAvailable”, “NoStatus”.
issues (list[AdaptiveApplicationControlIssueSummary]) –
source_system (str or SourceSystem) – The source type of the machine group. Possible values include: “Azure_AppLocker”, “Azure_AuditD”, “NonAzure_AppLocker”, “NonAzure_AuditD”, “None”.
- Parameters
enforcement_mode (str or EnforcementMode) – The application control policy enforcement/protection mode of the machine group. Possible values include: “Audit”, “Enforce”, “None”.
protection_mode (ProtectionMode) – The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux.
vm_recommendations (list[VmRecommendation]) –
path_recommendations (list[PathRecommendation]) –
- class azure.mgmt.security.models.AdaptiveApplicationControlGroups(*, value: Optional[List[azure.mgmt.security.models._models_py3.AdaptiveApplicationControlGroup]] = None, **kwargs)
Bases: msrest.serialization.Model
Represents a list of machine groups and set of rules that are recommended by Azure Security Center to be allowed.
- Parameters
value (list[AdaptiveApplicationControlGroup]) –
- class azure.mgmt.security.models.AdaptiveApplicationControlIssue(value)
An alert that machines within a group can have.
- EXECUTABLE_VIOLATIONS_AUDITED = 'ExecutableViolationsAudited'
- MSI_AND_SCRIPT_VIOLATIONS_AUDITED = 'MsiAndScriptViolationsAudited'
- MSI_AND_SCRIPT_VIOLATIONS_BLOCKED = 'MsiAndScriptViolationsBlocked'
- RULES_VIOLATED_MANUALLY = 'RulesViolatedManually'
- VIOLATIONS_AUDITED = 'ViolationsAudited'
- VIOLATIONS_BLOCKED = 'ViolationsBlocked'
- class azure.mgmt.security.models.AdaptiveApplicationControlIssueSummary(*, issue: Optional[str] = None, number_of_vms: Optional[float] = None, **kwargs)
Bases: msrest.serialization.Model
Represents a summary of the alerts of the machine group.
- Parameters
issue (str or AdaptiveApplicationControlIssue) – An alert that machines within a group can have. Possible values include: “ViolationsAudited”, “ViolationsBlocked”, “MsiAndScriptViolationsAudited”, “MsiAndScriptViolationsBlocked”, “ExecutableViolationsAudited”, “RulesViolatedManually”.
number_of_vms (float) – The number of machines in the group that have this alert.
- class azure.mgmt.security.models.AdaptiveNetworkHardening(*, rules: Optional[List[azure.mgmt.security.models._models_py3.Rule]] = None, rules_calculation_time: Optional[datetime.datetime] = None, effective_network_security_groups: Optional[List[azure.mgmt.security.models._models_py3.EffectiveNetworkSecurityGroups]] = None, **kwargs)
Bases: azure.mgmt.security.models._models_py3.Resource
The resource whose properties describe the Adaptive Network Hardening settings for some Azure resource.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
- Parameters
rules (list[Rule]) – The security rules which are recommended to be effective on the VM.
rules_calculation_time (datetime) – The UTC time on which the rules were calculated.
effective_network_security_groups (list[EffectiveNetworkSecurityGroups]) – The Network Security Groups effective on the network interfaces of the protected resource.
- class azure.mgmt.security.models.AdaptiveNetworkHardeningEnforceRequest(*, rules: List[azure.mgmt.security.models._models_py3.Rule], network_security_groups: List[str], **kwargs)
Bases: msrest.serialization.Model
AdaptiveNetworkHardeningEnforceRequest.
All required parameters must be populated in order to send to Azure.
- class azure.mgmt.security.models.AdaptiveNetworkHardeningsList(*, value: Optional[List[azure.mgmt.security.models._models_py3.AdaptiveNetworkHardening]] = None, next_link: Optional[str] = None, **kwargs)
Bases: msrest.serialization.Model
Response for ListAdaptiveNetworkHardenings API service call.
- Parameters
value (list[AdaptiveNetworkHardening]) – A list of Adaptive Network Hardenings resources.
next_link (str) – The URL to get the next set of results.
- class azure.mgmt.security.models.AdditionalData(**kwargs)
Bases: msrest.serialization.Model
Details of the sub-assessment.
You probably want to use the sub-classes and not this class directly. Known sub-classes are: ContainerRegistryVulnerabilityProperties, ServerVulnerabilityProperties, SqlServerVulnerabilityProperties.
All required parameters must be populated in order to send to Azure.
- Parameters
assessed_resource_type (str or AssessedResourceType) – Required. Sub-assessment resource type. Constant filled by server. Possible values include: “SqlServerVulnerability”, “ContainerRegistryVulnerability”, “ServerVulnerability”.
- class azure.mgmt.security.models.AdditionalWorkspaceDataType(value)
Data types sent to workspace.
- ALERTS = 'Alerts'
- RAW_EVENTS = 'RawEvents'
- class azure.mgmt.security.models.AdditionalWorkspaceType(value)
Workspace type.
- SENTINEL = 'Sentinel'
- class azure.mgmt.security.models.AdditionalWorkspacesProperties(*, workspace: Optional[str] = None, type: Optional[str] = 'Sentinel', data_types: Optional[List[str]] = None, **kwargs)
Bases: msrest.serialization.Model
Properties of the additional workspaces.
- Parameters
workspace (str) – Workspace resource id.
type (str or AdditionalWorkspaceType) – Workspace type. Possible values include: “Sentinel”. Default value: “Sentinel”.
data_types (list[str or AdditionalWorkspaceDataType]) – List of data types sent to workspace.
- class azure.mgmt.security.models.AdvancedThreatProtectionSetting(*, is_enabled: Optional[bool] = None, **kwargs)
Bases: azure.mgmt.security.models._models_py3.Resource
The Advanced Threat Protection resource.
Variables are only populated by the server, and will be ignored when sending a request.
- class azure.mgmt.security.models.Alert(*, extended_properties: Optional[Dict[str, str]] = None, **kwargs)
Bases: azure.mgmt.security.models._models_py3.Resource
Security alert.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
name (str) – Resource name.
alert_type (str) – Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType).
system_alert_id (str) – Unique identifier for the alert.
product_component_name (str) – The name of the Azure Security Center pricing tier which powers this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing.
alert_display_name (str) – The display name of the alert.
description (str) – Description of the suspicious activity that was detected.
severity (str or AlertSeverity) – The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified. Possible values include: “Informational”, “Low”, “Medium”, “High”.
intent (str or Intent) – The kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center’s supported kill chain intents. Possible values include: “Unknown”, “PreAttack”, “InitialAccess”, “Persistence”, “PrivilegeEscalation”, “DefenseEvasion”, “CredentialAccess”, “Discovery”, “LateralMovement”, “Execution”, “Collection”, “Exfiltration”, “CommandAndControl”, “Impact”, “Probing”, “Exploitation”.
start_time_utc (datetime) – The UTC time of the first event or activity included in the alert in ISO8601 format.
end_time_utc (datetime) – The UTC time of the last event or activity included in the alert in ISO8601 format.
resource_identifiers (list[ResourceIdentifier]) – The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different types per alert.
remediation_steps (list[str]) – Manual action items to take to remediate the alert.
vendor_name (str) – The name of the vendor that raises the alert.
status (str or AlertStatus) – The life cycle status of the alert. Possible values include: “Active”, “Resolved”, “Dismissed”.
extended_links (list[dict[str, str]]) – Links related to the alert.
alert_uri (str) – A direct link to the alert page in Azure Portal.
time_generated_utc (datetime) – The UTC time the alert was generated in ISO8601 format.
product_name (str) – The name of the product which published this alert (Azure Security Center, Azure ATP, Microsoft Defender ATP, O365 ATP, MCAS, and so on).
processing_end_time_utc (datetime) – The UTC processing end time of the alert in ISO8601 format.
entities (list[AlertEntity]) – A list of entities related to the alert.
is_incident (bool) – This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert.
correlation_key (str) – Key for correlating related alerts. Alerts with the same correlation key are considered to be related.
compromised_entity (str) – The display name of the resource most related to this alert.
- Parameters
extended_properties (dict[str, str]) – Custom properties for the alert.
- class azure.mgmt.security.models.AlertEntity(*, additional_properties: Optional[Dict[str, Any]] = None, **kwargs)
Bases: msrest.serialization.Model
Changing set of properties depending on the entity type.
Variables are only populated by the server, and will be ignored when sending a request.
- class azure.mgmt.security.models.AlertList(*, value: Optional[List[azure.mgmt.security.models._models_py3.Alert]] = None, **kwargs)
Bases: msrest.serialization.Model
List of security alerts.
Variables are only populated by the server, and will be ignored when sending a request.
- class azure.mgmt.security.models.AlertNotifications(value)
Whether to send security alerts notifications to the security contact.
- OFF = 'Off' – Don’t get notifications on new alerts.
- ON = 'On' – Get notifications on new alerts.
- class azure.mgmt.security.models.AlertSeverity(value)
The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified.
- HIGH = 'High' – High.
- INFORMATIONAL = 'Informational' – Informational.
- LOW = 'Low' – Low.
- MEDIUM = 'Medium' – Medium.
- class azure.mgmt.security.models.AlertSimulatorBundlesRequestProperties(*, additional_properties: Optional[Dict[str, Any]] = None, bundles: Optional[List[str]] = None, **kwargs)
Bases: azure.mgmt.security.models._models_py3.AlertSimulatorRequestProperties
Simulate alerts according to these bundles.
All required parameters must be populated in order to send to Azure.
- Parameters
- class azure.mgmt.security.models.AlertSimulatorRequestBody(*, properties: Optional[azure.mgmt.security.models._models_py3.AlertSimulatorRequestProperties] = None, **kwargs)
Bases: msrest.serialization.Model
Alert Simulator request body.
- Parameters
properties (AlertSimulatorRequestProperties) – Alert Simulator request body data.
- class azure.mgmt.security.models.AlertSimulatorRequestProperties(*, additional_properties: Optional[Dict[str, Any]] = None, **kwargs)
Bases: msrest.serialization.Model
Describes properties of an alert simulation request.
You probably want to use the sub-classes and not this class directly. Known sub-classes are: AlertSimulatorBundlesRequestProperties.
All required parameters must be populated in order to send to Azure.
- class azure.mgmt.security.models.AlertStatus(value)
The life cycle status of the alert.
- ACTIVE = 'Active' – An alert which doesn’t specify a value is assigned the status ‘Active’.
- DISMISSED = 'Dismissed' – Alert dismissed as false positive.
- RESOLVED = 'Resolved' – Alert closed after handling.
- class azure.mgmt.security.models.AlertSyncSettings(*, enabled: Optional[bool] = None, **kwargs)
Bases: azure.mgmt.security.models._models_py3.Setting
Represents an alert sync setting.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
kind (str or SettingKind) – Required. The kind of the settings string. Constant filled by server. Possible values include: “DataExportSettings”, “AlertSuppressionSetting”, “AlertSyncSettings”.
enabled (bool) – Is the alert sync setting enabled.
- class azure.mgmt.security.models.AlertsSuppressionRule(*, alert_type: Optional[str] = None, expiration_date_utc: Optional[datetime.datetime] = None, reason: Optional[str] = None, state: Optional[str] = None, comment: Optional[str] = None, suppression_alerts_scope: Optional[azure.mgmt.security.models._models_py3.SuppressionAlertsScope] = None, **kwargs)
Bases: azure.mgmt.security.models._models_py3.Resource
Describes the suppression rule.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
- Parameters
alert_type (str) – Type of the alert to automatically suppress. For all alert types, use ‘*’.
expiration_date_utc (datetime) – Expiration date of the rule. If the value is not provided or is provided as null, this field will default to the maximum allowed expiration date.
reason (str) – The reason for dismissing the alert.
state (str or RuleState) – Possible states of the rule. Possible values include: “Enabled”, “Disabled”, “Expired”.
comment (str) – Any comment regarding the rule.
suppression_alerts_scope (SuppressionAlertsScope) – The suppression conditions.
- class azure.mgmt.security.models.AlertsSuppressionRulesList(*, value: List[azure.mgmt.security.models._models_py3.AlertsSuppressionRule], **kwargs)
Bases: msrest.serialization.Model
Suppression rules list for subscription.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
value (list[AlertsSuppressionRule]) – Required.
- Variables
next_link (str) – URI to fetch the next page.
- class azure.mgmt.security.models.AlertsToAdmins(value)
Whether to send security alerts notifications to subscription admins.
- OFF = 'Off' – Don’t send notification on new alerts to the subscription’s admins.
- ON = 'On' – Send notification on new alerts to the subscription’s admins.
- class azure.mgmt.security.models.AllowedConnectionsList(**kwargs)
Bases: msrest.serialization.Model
List of all possible traffic between Azure resources.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
value (list[AllowedConnectionsResource]) –
next_link (str) – The URI to fetch the next page.
- class azure.mgmt.security.models.AllowedConnectionsResource(**kwargs)
Bases: azure.mgmt.security.models._models_py3.Resource, azure.mgmt.security.models._models_py3.Location
The resource whose properties describe the allowed traffic between Azure resources.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
location (str) – Location where the resource is stored.
name (str) – Resource name.
calculated_date_time (datetime) – The UTC time on which the allowed connections resource was calculated.
connectable_resources (list[ConnectableResource]) – List of connectable resources.
- class azure.mgmt.security.models.AllowlistCustomAlertRule(*, is_enabled: bool, allowlist_values: List[str], **kwargs)
Bases: azure.mgmt.security.models._models_py3.ListCustomAlertRule
A custom alert rule that checks if a value (depends on the custom alert type) is allowed.
You probably want to use the sub-classes and not this class directly. Known sub-classes are: ConnectionFromIpNotAllowed, ConnectionToIpNotAllowed, LocalUserNotAllowed, ProcessNotAllowed.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
- class azure.mgmt.security.models.AmqpC2DMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)
Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule
Number of cloud to device messages (AMQP protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in ISO8601 format.
- class azure.mgmt.security.models.AmqpC2DRejectedMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)
Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule
Number of rejected cloud to device messages (AMQP protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in ISO8601 format.
- class azure.mgmt.security.models.AmqpD2CMessagesNotInAllowedRange(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)
Bases: azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule
Number of device to cloud messages (AMQP protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in ISO8601 format.
- class azure.mgmt.security.models.AscLocation(*, properties: Optional[Any] = None, **kwargs)
Bases: azure.mgmt.security.models._models_py3.Resource
The ASC location of the subscription is in the “name” field.
Variables are only populated by the server, and will be ignored when sending a request.
- class azure.mgmt.security.models.AscLocationList(**kwargs)
Bases: msrest.serialization.Model
List of locations where ASC saves your data.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
value (list[AscLocation]) –
next_link (str) – The URI to fetch the next page.
- class azure.mgmt.security.models.AssessedResourceType(value)
Sub-assessment resource type.
- CONTAINER_REGISTRY_VULNERABILITY = 'ContainerRegistryVulnerability'
- SERVER_VULNERABILITY = 'ServerVulnerability'
- SQL_SERVER_VULNERABILITY = 'SqlServerVulnerability'
- class azure.mgmt.security.models.AssessmentLinks(**kwargs)
Bases: msrest.serialization.Model
Links relevant to the assessment.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
azure_portal_uri (str) – Link to assessment in Azure Portal.
- class azure.mgmt.security.models.AssessmentStatus(*, code: str, cause: Optional[str] = None, description: Optional[str] = None, **kwargs)
Bases: msrest.serialization.Model
The result of the assessment.
All required parameters must be populated in order to send to Azure.
- Parameters
code (str or AssessmentStatusCode) – Required. Programmatic code for the status of the assessment. Possible values include: “Healthy”, “Unhealthy”, “NotApplicable”.
cause (str) – Programmatic code for the cause of the assessment status.
description (str) – Human readable description of the assessment status.
- class azure.mgmt.security.models.AssessmentStatusCode(value)
Programmatic code for the status of the assessment.
- HEALTHY = 'Healthy' – The resource is healthy.
- NOT_APPLICABLE = 'NotApplicable' – Assessment for this resource did not happen.
- UNHEALTHY = 'Unhealthy' – The resource has a security issue that needs to be addressed.
- class azure.mgmt.security.models.AssessmentType(value)
BuiltIn if the assessment is based on a built-in Azure Policy definition, Custom if the assessment is based on a custom Azure Policy definition.
- BUILT_IN = 'BuiltIn' – Azure Security Center managed assessments.
- CUSTOMER_MANAGED = 'CustomerManaged' – User assessments pushed directly by the user or other third party to Azure Security Center.
- CUSTOM_POLICY = 'CustomPolicy' – User defined policies that are automatically ingested from Azure Policy to Azure Security Center.
- VERIFIED_PARTNER = 'VerifiedPartner' – An assessment that was created by a verified 3rd party if the user connected it to ASC.
- class azure.mgmt.security.models.AtaExternalSecuritySolution(*, kind: Optional[str] = None, properties: Optional[azure.mgmt.security.models._models_py3.AtaSolutionProperties] = None, **kwargs)
Bases: azure.mgmt.security.models._models_py3.ExternalSecuritySolution
Represents an ATA security solution which sends logs to an OMS workspace.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
kind (str or ExternalSecuritySolutionKindEnum) – The kind of the external solution. Possible values include: “CEF”, “ATA”, “AAD”.
properties (AtaSolutionProperties) – The external security solution properties for ATA solutions.
- Variables
- class azure.mgmt.security.models.AtaSolutionProperties(*, additional_properties: Optional[Dict[str, Any]] = None, device_vendor: Optional[str] = None, device_type: Optional[str] = None, workspace: Optional[azure.mgmt.security.models._models_py3.ConnectedWorkspace] = None, last_event_received: Optional[str] = None, **kwargs)
Bases: azure.mgmt.security.models._models_py3.ExternalSecuritySolutionProperties
The external security solution properties for ATA solutions.
- class azure.mgmt.security.models.AuthenticationDetailsProperties(**kwargs)
Bases: msrest.serialization.Model
Settings for cloud authentication management.
You probably want to use the sub-classes and not this class directly. Known sub-classes are: AwAssumeRoleAuthenticationDetailsProperties, AwsCredsAuthenticationDetailsProperties, GcpCredentialsDetailsProperties.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
authentication_provisioning_state (str or AuthenticationProvisioningState) – State of the multi-cloud connector. Possible values include: “Valid”, “Invalid”, “Expired”, “IncorrectPolicy”.
granted_permissions (list[str or PermissionProperty]) – The permissions detected in the cloud account.
- Parameters
authentication_type (str or AuthenticationType) – Required. Connect to your cloud account. For AWS, use either account credentials or role-based authentication. For GCP, use account organization credentials. Constant filled by server. Possible values include: “awsCreds”, “awsAssumeRole”, “gcpCredentials”.
- class azure.mgmt.security.models.AuthenticationProvisioningState(value)
State of the multi-cloud connector.
- EXPIRED = 'Expired' – The connection has expired.
- INCORRECT_POLICY = 'IncorrectPolicy' – Incorrect policy of the connector.
- INVALID = 'Invalid' – Invalid connector.
- VALID = 'Valid' – Valid connector.
- class azure.mgmt.security.models.AuthenticationType(value)
Connect to your cloud account. For AWS, use either account credentials or role-based authentication. For GCP, use account organization credentials.
- AWS_ASSUME_ROLE = 'awsAssumeRole' – AWS account connector assume role authentication.
- AWS_CREDS = 'awsCreds' – AWS cloud account connector user credentials authentication.
- GCP_CREDENTIALS = 'gcpCredentials' – GCP account connector service to service authentication.
- class azure.mgmt.security.models.AutoProvision(value)
Describes what kind of security agent provisioning action to take.
- OFF = 'Off' – Do not install security agent on the VMs automatically.
- ON = 'On' – Install missing security agent on VMs automatically.
- class azure.mgmt.security.models.AutoProvisioningSetting(*, auto_provision: Optional[str] = None, **kwargs)
Bases: azure.mgmt.security.models._models_py3.Resource
Auto provisioning setting.
Variables are only populated by the server, and will be ignored when sending a request.
- class azure.mgmt.security.models.AutoProvisioningSettingList(*, value: Optional[List[azure.mgmt.security.models._models_py3.AutoProvisioningSetting]] = None, **kwargs)
Bases: msrest.serialization.Model
List of all the auto provisioning settings response.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
value (list[AutoProvisioningSetting]) – List of all the auto provisioning settings.
- Variables
next_link (str) – The URI to fetch the next page.
- class azure.mgmt.security.models.Automation(*, tags: Optional[Dict[str, str]] = None, etag: Optional[str] = None, kind: Optional[str] = None, location: Optional[str] = None, description: Optional[str] = None, is_enabled: Optional[bool] = None, scopes: Optional[List[azure.mgmt.security.models._models_py3.AutomationScope]] = None, sources: Optional[List[azure.mgmt.security.models._models_py3.AutomationSource]] = None, actions: Optional[List[azure.mgmt.security.models._models_py3.AutomationAction]] = None, **kwargs)
Bases: azure.mgmt.security.models._models_py3.TrackedResource
The security automation resource.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
tags (dict[str, str]) – A set of tags. A list of key value pairs that describe the resource.
etag (str) – Entity tag is used for comparing two or more entities from the same requested resource.
kind (str) – Kind of the resource.
location (str) – Location where the resource is stored.
description (str) – The security automation description.
is_enabled (bool) – Indicates whether the security automation is enabled.
scopes (list[AutomationScope]) – A collection of scopes on which the security automation logic is applied. Supported scopes are the subscription itself or a resource group under that subscription. The automation will only apply on defined scopes.
sources (list[AutomationSource]) – A collection of the source event types which evaluate the security automation set of rules.
actions (list[AutomationAction]) – A collection of the actions which are triggered if all the configured rules evaluations, within at least one rule set, are true.
- Variables
- class azure.mgmt.security.models.AutomationAction(**kwargs)
Bases: msrest.serialization.Model
The action that should be triggered.
You probably want to use the sub-classes and not this class directly. Known sub-classes are: AutomationActionEventHub, AutomationActionLogicApp, AutomationActionWorkspace.
All required parameters must be populated in order to send to Azure.
- Parameters
action_type (str or ActionType) – Required. The type of the action that will be triggered by the Automation. Constant filled by server. Possible values include: “LogicApp”, “EventHub”, “Workspace”.
-
class
azure.mgmt.security.models.
AutomationActionEventHub
(*, event_hub_resource_id: Optional[str] = None, connection_string: Optional[str] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.AutomationAction
The target Event Hub to which event data will be exported. To learn more about Security Center continuous export capabilities, visit https://aka.ms/ASCExportLearnMore.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
action_type (str or ActionType) – Required. The type of the action that will be triggered by the Automation. Constant filled by server. Possible values include: “LogicApp”, “EventHub”, “Workspace”.
event_hub_resource_id (str) – The target Event Hub Azure Resource ID.
connection_string (str) – The target Event Hub connection string (it will not be included in any response).
- Variables
sas_policy_name (str) – The target Event Hub SAS policy name.
-
class
azure.mgmt.security.models.
AutomationActionLogicApp
(*, logic_app_resource_id: Optional[str] = None, uri: Optional[str] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.AutomationAction
The logic app action that should be triggered. To learn more about Security Center’s Workflow Automation capabilities, visit https://aka.ms/ASCWorkflowAutomationLearnMore.
All required parameters must be populated in order to send to Azure.
- Parameters
action_type (str or ActionType) – Required. The type of the action that will be triggered by the Automation. Constant filled by server. Possible values include: “LogicApp”, “EventHub”, “Workspace”.
logic_app_resource_id (str) – The triggered Logic App Azure Resource ID. This can also reside on other subscriptions, given that you have permissions to trigger the Logic App.
uri (str) – The Logic App trigger URI endpoint (it will not be included in any response).
-
class
azure.mgmt.security.models.
AutomationActionWorkspace
(*, workspace_resource_id: Optional[str] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.AutomationAction
The Log Analytics Workspace to which event data will be exported. Security alerts data will reside in the ‘SecurityAlert’ table and the assessments data will reside in the ‘SecurityRecommendation’ table (under the ‘Security’/’SecurityCenterFree’ solutions). Note that in order to view the data in the workspace, the Security Center Log Analytics free/standard solution needs to be enabled on that workspace. To learn more about Security Center continuous export capabilities, visit https://aka.ms/ASCExportLearnMore.
All required parameters must be populated in order to send to Azure.
- Parameters
action_type (str or ActionType) – Required. The type of the action that will be triggered by the Automation. Constant filled by server. Possible values include: “LogicApp”, “EventHub”, “Workspace”.
workspace_resource_id (str) – The fully qualified Log Analytics Workspace Azure Resource ID.
-
class
azure.mgmt.security.models.
AutomationList
(*, value: List[azure.mgmt.security.models._models_py3.Automation], **kwargs)[source]¶ Bases:
msrest.serialization.Model
List of security automations response.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
value (list[Automation]) – Required. The list of security automations under the given scope.
- Variables
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
AutomationRuleSet
(*, rules: Optional[List[azure.mgmt.security.models._models_py3.AutomationTriggeringRule]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
A rule set which evaluates all its rules upon an event interception. The event triggers the defined actions only when all the rules included in the rule set evaluate to ‘true’.
- Parameters
rules (list[AutomationTriggeringRule]) –
-
class
azure.mgmt.security.models.
AutomationScope
(*, description: Optional[str] = None, scope_path: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
A single automation scope.
-
class
azure.mgmt.security.models.
AutomationSource
(*, event_source: Optional[str] = None, rule_sets: Optional[List[azure.mgmt.security.models._models_py3.AutomationRuleSet]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
The source event types which evaluate the security automation set of rules, for example security alerts and security assessments. To learn more about the supported security events data model schemas, visit https://aka.ms/ASCAutomationSchemas.
- Parameters
event_source (str or EventSource) – A valid event source type. Possible values include: “Assessments”, “SubAssessments”, “Alerts”, “SecureScores”, “SecureScoresSnapshot”, “SecureScoreControls”, “SecureScoreControlsSnapshot”, “RegulatoryComplianceAssessment”, “RegulatoryComplianceAssessmentSnapshot”.
rule_sets (list[AutomationRuleSet]) – A set of rules which evaluate upon event interception. A logical disjunction is applied between defined rule sets (logical ‘or’).
-
class
azure.mgmt.security.models.
AutomationTriggeringRule
(*, property_j_path: Optional[str] = None, property_type: Optional[str] = None, expected_value: Optional[str] = None, operator: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
A rule which is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. This comparison is done by using one of the supported operators set.
- Parameters
property_j_path (str) – The JPath of the entity model property that should be checked.
property_type (str or PropertyType) – The data type of the compared operands (string, integer, floating point number or a boolean [true/false]). Possible values include: “String”, “Integer”, “Number”, “Boolean”.
expected_value (str) – The expected value.
operator (str or Operator) – A valid comparer operator to use. A case-insensitive comparison will be applied for String PropertyType. Possible values include: “Equals”, “GreaterThan”, “GreaterThanOrEqualTo”, “LesserThan”, “LesserThanOrEqualTo”, “NotEquals”, “Contains”, “StartsWith”, “EndsWith”.
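The matching semantics described for AutomationSource, AutomationRuleSet and AutomationTriggeringRule (rules inside a rule set are ANDed, rule sets are ORed, String comparisons are case-insensitive), as an added example for checking locally which events a planned automation would match. This is not azure-mgmt-security code or the service's implementation; the dataclasses, the dotted-path resolver standing in for JPath, the handling of a missing property or an empty rule_sets list, and the sample alert fields are assumptions.

```python
import operator as op
from dataclasses import dataclass, field
from typing import Any, Dict, List


@dataclass
class Rule:
    """Local stand-in with the same field names as AutomationTriggeringRule."""
    property_j_path: str
    property_type: str   # "String" | "Integer" | "Number" | "Boolean"
    expected_value: str
    operator: str


@dataclass
class Source:
    """Local stand-in with the same field names as AutomationSource."""
    event_source: str
    rule_sets: List[List[Rule]] = field(default_factory=list)


_MISSING = object()
_COMPARE = {"Equals": op.eq, "NotEquals": op.ne,
            "GreaterThan": op.gt, "GreaterThanOrEqualTo": op.ge,
            "LesserThan": op.lt, "LesserThanOrEqualTo": op.le}
_TEXT = {"Contains": lambda actual, expected: expected in actual,
         "StartsWith": str.startswith, "EndsWith": str.endswith}


def resolve(event: Dict[str, Any], path: str) -> Any:
    """Assumption: simplified JPath, dotted keys with an optional '$.' prefix."""
    node: Any = event
    for key in (path[2:] if path.startswith("$.") else path).split("."):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node


def coerce(value: Any, property_type: str) -> Any:
    """Convert both operands to the declared PropertyType before comparing."""
    if property_type == "String":
        return str(value).casefold()          # case-insensitive comparison
    if property_type == "Integer":
        return int(value)
    if property_type == "Number":
        return float(value)
    if property_type == "Boolean":
        if isinstance(value, bool):
            return value
        text = str(value).strip().lower()
        if text not in ("true", "false"):
            raise ValueError(f"not a boolean: {value!r}")
        return text == "true"
    raise ValueError(f"unknown property_type {property_type!r}")


def rule_matches(rule: Rule, event: Dict[str, Any]) -> bool:
    actual = resolve(event, rule.property_j_path)
    if actual is _MISSING:
        return False                          # assumption: absent property never matches
    try:
        a = coerce(actual, rule.property_type)
        e = coerce(rule.expected_value, rule.property_type)
    except (TypeError, ValueError):
        return False                          # operand does not fit the declared type
    if rule.operator in _COMPARE:
        return _COMPARE[rule.operator](a, e)
    if rule.operator in _TEXT and rule.property_type == "String":
        return _TEXT[rule.operator](a, e)
    raise ValueError(f"operator {rule.operator!r} not usable with {rule.property_type}")


def source_matches(source: Source, event_source: str, event: Dict[str, Any]) -> bool:
    """OR across rule sets, AND across the rules inside each set."""
    if source.event_source != event_source:
        return False
    if not source.rule_sets:
        return True                           # assumption: no rule sets means no filtering
    return any(all(rule_matches(r, event) for r in rule_set)
               for rule_set in source.rule_sets)


# Constructed sample: field names are illustrative, not the real alert schema.
SAMPLE_ALERT = {"properties": {"severity": "High",
                               "alertDisplayName": "Suspicious process executed",
                               "confidenceScore": 0.82}}

SOURCE = Source(event_source="Alerts", rule_sets=[
    [Rule("properties.severity", "String", "high", "Equals"),
     Rule("properties.alertDisplayName", "String", "suspicious", "Contains")],
    [Rule("$.properties.confidenceScore", "Number", "0.9", "GreaterThanOrEqualTo")],
])

if __name__ == "__main__":
    print(source_matches(SOURCE, "Alerts", SAMPLE_ALERT))
```

Running the same rule sets against exported sample events before deploying an automation shows whether an over-broad second rule set silently widens what gets forwarded.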
-
class
azure.mgmt.security.models.
AutomationValidationStatus
(*, is_valid: Optional[bool] = None, message: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
The security automation model state property bag.
-
class
azure.mgmt.security.models.
AwAssumeRoleAuthenticationDetailsProperties
(*, aws_assume_role_arn: str, aws_external_id: str, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.AuthenticationDetailsProperties
AWS cloud account connector based on assume role; the role enables delegating access to your AWS resources. The role is composed of a role Amazon Resource Name (ARN) and an external ID. For more details, refer to Creating a Role to Delegate Permissions to an IAM User (write only): https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
authentication_provisioning_state (str or AuthenticationProvisioningState) – State of the multi-cloud connector. Possible values include: “Valid”, “Invalid”, “Expired”, “IncorrectPolicy”.
granted_permissions (list[str or PermissionProperty]) – The permissions detected in the cloud account.
account_id (str) – The ID of the cloud account.
- Parameters
authentication_type (str or AuthenticationType) – Required. Connect to your cloud account. For AWS, use either account credentials or role-based authentication. For GCP, use account organization credentials. Constant filled by server. Possible values include: “awsCreds”, “awsAssumeRole”, “gcpCredentials”.
aws_assume_role_arn (str) – Required. Assumed role ID is an identifier that you can use to create temporary security credentials.
aws_external_id (str) – Required. A unique identifier that is required when you assume a role in another account.
-
class
azure.mgmt.security.models.
AwsCredsAuthenticationDetailsProperties
(*, aws_access_key_id: str, aws_secret_access_key: str, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.AuthenticationDetailsProperties
AWS cloud account connector based on credentials; the credentials are composed of an access key ID and a secret key. For more details, refer to Creating an IAM User in Your AWS Account (write only): https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
authentication_provisioning_state (str or AuthenticationProvisioningState) – State of the multi-cloud connector. Possible values include: “Valid”, “Invalid”, “Expired”, “IncorrectPolicy”.
granted_permissions (list[str or PermissionProperty]) – The permissions detected in the cloud account.
account_id (str) – The ID of the cloud account.
- Parameters
authentication_type (str or AuthenticationType) – Required. Connect to your cloud account. For AWS, use either account credentials or role-based authentication. For GCP, use account organization credentials. Constant filled by server. Possible values include: “awsCreds”, “awsAssumeRole”, “gcpCredentials”.
aws_access_key_id (str) – Required. Public key element of the AWS credential object (write only).
aws_secret_access_key (str) – Required. Secret key element of the AWS credential object (write only).
-
class
azure.mgmt.security.models.
AzureResourceDetails
(**kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.ResourceDetails
Details of the Azure resource that was assessed.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
-
class
azure.mgmt.security.models.
AzureResourceIdentifier
(**kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.ResourceIdentifier
Azure resource identifier.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
type (str or ResourceIdentifierType) – Required. There can be multiple identifiers of different types per alert; this field specifies the identifier type. Constant filled by server. Possible values include: “AzureResource”, “LogAnalytics”.
- Variables
azure_resource_id (str) – ARM resource identifier for the cloud resource being alerted on.
-
class
azure.mgmt.security.models.
AzureResourceLink
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
Describes an Azure resource with kind.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
AzureTrackedResourceLocation
(*, location: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Describes an Azure resource with location.
- Parameters
location (str) – Location where the resource is stored.
-
class
azure.mgmt.security.models.
Baseline
(*, expected_results: Optional[List[List[str]]] = None, updated_time: Optional[datetime.datetime] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Baseline details.
-
class
azure.mgmt.security.models.
BaselineAdjustedResult
(*, baseline: Optional[azure.mgmt.security.models._models_py3.Baseline] = None, status: Optional[str] = None, results_not_in_baseline: Optional[List[List[str]]] = None, results_only_in_baseline: Optional[List[List[str]]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
The rule result adjusted with baseline.
- Parameters
baseline (Baseline) – Baseline details.
status (str or RuleStatus) – The rule result status. Possible values include: “NonFinding”, “Finding”, “InternalError”.
results_not_in_baseline (list[list[str]]) – Results that are not in baseline.
results_only_in_baseline (list[list[str]]) – Results that are in baseline.
-
class
azure.mgmt.security.models.
BenchmarkReference
(*, benchmark: Optional[str] = None, reference: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
The benchmark references.
-
class
azure.mgmt.security.models.
BundleType
(value)[source]¶ -
Alert Simulator supported bundles.
-
APP_SERVICES
= 'AppServices'¶
-
DNS
= 'DNS'¶
-
KEY_VAULTS
= 'KeyVaults'¶
-
KUBERNETES_SERVICE
= 'KubernetesService'¶
-
RESOURCE_MANAGER
= 'ResourceManager'¶
-
SQL_SERVERS
= 'SqlServers'¶
-
STORAGE_ACCOUNTS
= 'StorageAccounts'¶
-
VIRTUAL_MACHINES
= 'VirtualMachines'¶
-
-
class
azure.mgmt.security.models.
CVE
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
CVE details.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
CVSS
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
CVSS details.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
base (float) – CVSS base.
-
class
azure.mgmt.security.models.
Categories
(value)[source]¶ -
The categories of resource that is at risk when the assessment is unhealthy
-
COMPUTE
= 'Compute'¶
-
DATA
= 'Data'¶
-
IDENTITY_AND_ACCESS
= 'IdentityAndAccess'¶
-
IO_T
= 'IoT'¶
-
NETWORKING
= 'Networking'¶
-
-
class
azure.mgmt.security.models.
CefExternalSecuritySolution
(*, kind: Optional[str] = None, properties: Optional[azure.mgmt.security.models._models_py3.CefSolutionProperties] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.ExternalSecuritySolution
Represents a security solution which sends CEF logs to an OMS workspace.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
kind (str or ExternalSecuritySolutionKindEnum) – The kind of the external solution. Possible values include: “CEF”, “ATA”, “AAD”.
properties (CefSolutionProperties) – The external security solution properties for CEF solutions.
- Variables
-
class
azure.mgmt.security.models.
CefSolutionProperties
(*, additional_properties: Optional[Dict[str, Any]] = None, device_vendor: Optional[str] = None, device_type: Optional[str] = None, workspace: Optional[azure.mgmt.security.models._models_py3.ConnectedWorkspace] = None, hostname: Optional[str] = None, agent: Optional[str] = None, last_event_received: Optional[str] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.ExternalSecuritySolutionProperties
The external security solution properties for CEF solutions.
- Parameters
additional_properties (dict[str, any]) – Unmatched properties from the message are deserialized to this collection.
device_vendor (str) –
device_type (str) –
workspace (ConnectedWorkspace) – Represents an OMS workspace to which the solution is connected.
hostname (str) –
agent (str) –
last_event_received (str) –
-
class
azure.mgmt.security.models.
CloudErrorBody
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
The error detail.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
message (str) – The error message.
target (str) – The error target.
details (list[CloudErrorBody]) – The error details.
additional_info (list[ErrorAdditionalInfo]) – The error additional info.
-
class
azure.mgmt.security.models.
Compliance
(**kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Compliance of a scope.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
name (str) – Resource name.
assessment_timestamp_utc_date (datetime) – The timestamp when the Compliance calculation was conducted.
resource_count (int) – The resource count of the given subscription for which the Compliance calculation was conducted (needed for Management Group Compliance calculation).
assessment_result (list[ComplianceSegment]) – An array of segments, which is actually the compliance assessment.
-
class
azure.mgmt.security.models.
ComplianceList
(*, value: Optional[List[azure.mgmt.security.models._models_py3.Compliance]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
List of Compliance objects response.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
value (list[Compliance]) – List of Compliance objects.
- Variables
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
ComplianceResult
(**kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
A compliance result.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
ComplianceResultList
(*, value: List[azure.mgmt.security.models._models_py3.ComplianceResult], **kwargs)[source]¶ Bases:
msrest.serialization.Model
List of compliance results response.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
value (list[ComplianceResult]) – Required. List of compliance results.
- Variables
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
ComplianceSegment
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
A segment of a compliance assessment.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
ConfigurationStatus
(value)[source]¶ -
The configuration status of the machines group or machine or rule
-
CONFIGURED
= 'Configured'¶
-
FAILED
= 'Failed'¶
-
IN_PROGRESS
= 'InProgress'¶
-
NOT_CONFIGURED
= 'NotConfigured'¶
-
NO_STATUS
= 'NoStatus'¶
-
-
class
azure.mgmt.security.models.
ConnectableResource
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
Describes the allowed inbound and outbound traffic of an Azure resource.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
inbound_connected_resources (list[ConnectedResource]) – The list of Azure resources that the resource has inbound allowed connection from.
outbound_connected_resources (list[ConnectedResource]) – The list of Azure resources that the resource has outbound allowed connection to.
-
class
azure.mgmt.security.models.
ConnectedResource
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
Describes properties of a connected resource.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
ConnectedWorkspace
(*, id: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Represents an OMS workspace to which the solution is connected.
- Parameters
id (str) – Azure resource ID of the connected OMS workspace.
-
class
azure.mgmt.security.models.
ConnectionFromIpNotAllowed
(*, is_enabled: bool, allowlist_values: List[str], **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.AllowlistCustomAlertRule
Inbound connection from an IP that isn’t allowed. The allow list consists of IPv4 or IPv6 ranges in CIDR notation.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
-
class
azure.mgmt.security.models.
ConnectionStrings
(*, value: List[azure.mgmt.security.models._models_py3.IngestionConnectionString], **kwargs)[source]¶ Bases:
msrest.serialization.Model
Connection string for ingesting security data and logs.
All required parameters must be populated in order to send to Azure.
- Parameters
value (list[IngestionConnectionString]) – Required. Connection strings.
-
class
azure.mgmt.security.models.
ConnectionToIpNotAllowed
(*, is_enabled: bool, allowlist_values: List[str], **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.AllowlistCustomAlertRule
Outbound connection to an IP that isn’t allowed. The allow list consists of IPv4 or IPv6 ranges in CIDR notation.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
-
class
azure.mgmt.security.models.
ConnectionType
(value)[source]¶ -
An enumeration.
-
EXTERNAL
= 'External'¶
-
INTERNAL
= 'Internal'¶
-
-
class
azure.mgmt.security.models.
ConnectorSetting
(*, hybrid_compute_settings: Optional[azure.mgmt.security.models._models_py3.HybridComputeSettingsProperties] = None, authentication_details: Optional[azure.mgmt.security.models._models_py3.AuthenticationDetailsProperties] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
The connector setting.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
- Parameters
hybrid_compute_settings (HybridComputeSettingsProperties) – Settings for hybrid compute management. These settings are relevant only for Arc autoProvision (Hybrid Compute).
authentication_details (AuthenticationDetailsProperties) – Settings for authentication management. These settings are relevant only for the cloud connector.
-
class
azure.mgmt.security.models.
ConnectorSettingList
(*, value: Optional[List[azure.mgmt.security.models._models_py3.ConnectorSetting]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
For a subscription, list of all cloud account connectors and their settings.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
value (list[ConnectorSetting]) – List of all the cloud account connector settings.
- Variables
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
ContainerRegistryVulnerabilityProperties
(**kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.AdditionalData
Additional context fields for container registry Vulnerability assessment.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
assessed_resource_type (str or AssessedResourceType) – Required. Sub-assessment resource type. Constant filled by server. Possible values include: “SqlServerVulnerability”, “ContainerRegistryVulnerability”, “ServerVulnerability”.
- Variables
type (str) – Vulnerability type, e.g. Vulnerability, Potential Vulnerability, Information Gathered, Vulnerability.
cvss (dict[str, CVSS]) – Dictionary from cvss version to cvss details object.
patchable (bool) – Indicates whether a patch is available or not.
published_time (datetime) – Published time.
vendor_references (list[VendorReference]) –
repository_name (str) – Name of the repository which the vulnerable image belongs to.
image_digest (str) – Digest of the vulnerable image.
-
class
azure.mgmt.security.models.
ControlType
(value)[source]¶ -
The type of security control (for example, BuiltIn)
-
BUILT_IN
= 'BuiltIn'¶ Azure Security Center managed assessments.
-
CUSTOM
= 'Custom'¶ Non Azure Security Center managed assessments.
-
-
class
azure.mgmt.security.models.
CreatedByType
(value)[source]¶ -
The type of identity that created the resource.
-
APPLICATION
= 'Application'¶
-
KEY
= 'Key'¶
-
MANAGED_IDENTITY
= 'ManagedIdentity'¶
-
USER
= 'User'¶
-
-
class
azure.mgmt.security.models.
CustomAlertRule
(*, is_enabled: bool, **kwargs)[source]¶ Bases:
msrest.serialization.Model
A custom alert rule.
You probably want to use the sub-classes and not this class directly. Known sub-classes are: ListCustomAlertRule, ThresholdCustomAlertRule.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
-
class
azure.mgmt.security.models.
DataExportSettings
(*, enabled: Optional[bool] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Setting
Represents a data export setting.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
kind (str or SettingKind) – Required. The kind of the settings string. Constant filled by server. Possible values include: “DataExportSettings”, “AlertSuppressionSetting”, “AlertSyncSettings”.
enabled (bool) – Is the data export setting enabled.
-
class
azure.mgmt.security.models.
DataSource
(value)[source]¶ -
An enumeration.
-
TWIN_DATA
= 'TwinData'¶ Devices twin data.
-
-
class
azure.mgmt.security.models.
DenylistCustomAlertRule
(*, is_enabled: bool, denylist_values: List[str], **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.ListCustomAlertRule
A custom alert rule that checks if a value (depends on the custom alert type) is denied.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
-
class
azure.mgmt.security.models.
DeviceSecurityGroup
(*, threshold_rules: Optional[List[azure.mgmt.security.models._models_py3.ThresholdCustomAlertRule]] = None, time_window_rules: Optional[List[azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule]] = None, allowlist_rules: Optional[List[azure.mgmt.security.models._models_py3.AllowlistCustomAlertRule]] = None, denylist_rules: Optional[List[azure.mgmt.security.models._models_py3.DenylistCustomAlertRule]] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
The device security group resource.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
- Parameters
threshold_rules (list[ThresholdCustomAlertRule]) – The list of custom alert threshold rules.
time_window_rules (list[TimeWindowCustomAlertRule]) – The list of custom alert time-window rules.
allowlist_rules (list[AllowlistCustomAlertRule]) – The allow-list custom alert rules.
denylist_rules (list[DenylistCustomAlertRule]) – The deny-list custom alert rules.
-
class
azure.mgmt.security.models.
DeviceSecurityGroupList
(*, value: Optional[List[azure.mgmt.security.models._models_py3.DeviceSecurityGroup]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
List of device security groups.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
value (list[DeviceSecurityGroup]) – List of device security group objects.
- Variables
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
DirectMethodInvokesNotInAllowedRange
(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule
Number of direct method invokes is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in ISO 8601 format.
-
class
azure.mgmt.security.models.
Direction
(value)[source]¶ -
The rule’s direction
-
INBOUND
= 'Inbound'¶
-
OUTBOUND
= 'Outbound'¶
-
-
class
azure.mgmt.security.models.
DiscoveredSecuritySolution
(*, security_family: str, offer: str, publisher: str, sku: str, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
,azure.mgmt.security.models._models_py3.Location
DiscoveredSecuritySolution.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
security_family (str or SecurityFamily) – Required. The security family of the discovered solution. Possible values include: “Waf”, “Ngfw”, “SaasWaf”, “Va”.
offer (str) – Required. The security solutions’ image offer.
publisher (str) – Required. The security solutions’ image publisher.
sku (str) – Required. The security solutions’ image sku.
-
class
azure.mgmt.security.models.
DiscoveredSecuritySolutionList
(*, value: Optional[List[azure.mgmt.security.models._models_py3.DiscoveredSecuritySolution]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
DiscoveredSecuritySolutionList.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
value (list[DiscoveredSecuritySolution]) –
- Variables
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
ETag
(*, etag: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Entity tag is used for comparing two or more entities from the same requested resource.
- Parameters
etag (str) – Entity tag is used for comparing two or more entities from the same requested resource.
-
class
azure.mgmt.security.models.
EffectiveNetworkSecurityGroups
(*, network_interface: Optional[str] = None, network_security_groups: Optional[List[str]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Describes the Network Security Groups effective on a network interface.
-
class
azure.mgmt.security.models.
EndOfSupportStatus
(value)[source]¶ -
End of support status.
-
NONE
= 'None'¶
-
NO_LONGER_SUPPORTED
= 'noLongerSupported'¶
-
UPCOMING_NO_LONGER_SUPPORTED
= 'upcomingNoLongerSupported'¶
-
UPCOMING_VERSION_NO_LONGER_SUPPORTED
= 'upcomingVersionNoLongerSupported'¶
-
VERSION_NO_LONGER_SUPPORTED
= 'versionNoLongerSupported'¶
-
-
class
azure.mgmt.security.models.
EnforcementMode
(value)[source]¶ -
The application control policy enforcement/protection mode of the machine group
-
AUDIT
= 'Audit'¶
-
ENFORCE
= 'Enforce'¶
-
NONE
= 'None'¶
-
-
class
azure.mgmt.security.models.
EnforcementSupport
(value)[source]¶ -
The machine supportability of Enforce feature
-
NOT_SUPPORTED
= 'NotSupported'¶
-
SUPPORTED
= 'Supported'¶
-
UNKNOWN
= 'Unknown'¶
-
-
class
azure.mgmt.security.models.
Enum13
(value)[source]¶ -
An enumeration.
-
ACTIVATE
= 'Activate'¶
-
CLOSE
= 'Close'¶
-
DISMISS
= 'Dismiss'¶
-
RESOLVE
= 'Resolve'¶
-
START
= 'Start'¶
-
-
class
azure.mgmt.security.models.
Enum15
(value)[source]¶ -
An enumeration.
-
CUSTOM
= 'custom'¶
-
EFFECTIVE
= 'effective'¶
-
-
class
azure.mgmt.security.models.
Enum69
(value)[source]¶ -
An enumeration.
-
MCAS
= 'MCAS'¶
-
SENTINEL
= 'Sentinel'¶
-
WDATP
= 'WDATP'¶
-
WDATP_EXCLUDE_LINUX_PUBLIC_PREVIEW
= 'WDATP_EXCLUDE_LINUX_PUBLIC_PREVIEW'¶
-
-
class
azure.mgmt.security.models.
ErrorAdditionalInfo
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
The resource management error additional info.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
EventSource
(value)[source]¶ -
A valid event source type.
-
ALERTS
= 'Alerts'¶
-
ASSESSMENTS
= 'Assessments'¶
-
REGULATORY_COMPLIANCE_ASSESSMENT
= 'RegulatoryComplianceAssessment'¶
-
REGULATORY_COMPLIANCE_ASSESSMENT_SNAPSHOT
= 'RegulatoryComplianceAssessmentSnapshot'¶
-
SECURE_SCORES
= 'SecureScores'¶
-
SECURE_SCORES_SNAPSHOT
= 'SecureScoresSnapshot'¶
-
SECURE_SCORE_CONTROLS
= 'SecureScoreControls'¶
-
SECURE_SCORE_CONTROLS_SNAPSHOT
= 'SecureScoreControlsSnapshot'¶
-
SUB_ASSESSMENTS
= 'SubAssessments'¶
-
-
class
azure.mgmt.security.models.
ExpandControlsEnum
(value)[source]¶ -
An enumeration.
-
DEFINITION
= 'definition'¶ Add definition object for each control.
-
-
class
azure.mgmt.security.models.
ExpandEnum
(value)[source]¶ -
An enumeration.
-
LINKS
= 'links'¶ All links associated with an assessment.
-
METADATA
= 'metadata'¶ Assessment metadata.
-
-
class
azure.mgmt.security.models.
ExportData
(value)[source]¶ -
An enumeration.
-
RAW_EVENTS
= 'RawEvents'¶ Agent raw events.
-
-
class
azure.mgmt.security.models.
ExternalSecuritySolution
(*, kind: Optional[str] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
,azure.mgmt.security.models._models_py3.Location
,azure.mgmt.security.models._models_py3.ExternalSecuritySolutionKind
Represents a security solution external to Azure Security Center which sends information to an OMS workspace and whose data is displayed by Azure Security Center.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
ExternalSecuritySolutionKind
(*, kind: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Describes an Azure resource with kind.
- Parameters
kind (str or ExternalSecuritySolutionKindEnum) – The kind of the external solution. Possible values include: “CEF”, “ATA”, “AAD”.
-
class
azure.mgmt.security.models.
ExternalSecuritySolutionKindEnum
(value)[source]¶ -
The kind of the external solution
-
AAD
= 'AAD'¶
-
ATA
= 'ATA'¶
-
CEF
= 'CEF'¶
-
-
class
azure.mgmt.security.models.
ExternalSecuritySolutionList
(*, value: Optional[List[azure.mgmt.security.models._models_py3.ExternalSecuritySolution]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
ExternalSecuritySolutionList.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
value (list[ExternalSecuritySolution]) –
- Variables
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
ExternalSecuritySolutionProperties
(*, additional_properties: Optional[Dict[str, Any]] = None, device_vendor: Optional[str] = None, device_type: Optional[str] = None, workspace: Optional[azure.mgmt.security.models._models_py3.ConnectedWorkspace] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
The solution properties (correspond to the solution kind).
- Parameters
additional_properties (dict[str, any]) – Unmatched properties from the message are deserialized to this collection.
device_vendor (str) –
device_type (str) –
workspace (ConnectedWorkspace) – Represents an OMS workspace to which the solution is connected.
-
class
azure.mgmt.security.models.
FailedLocalLoginsNotInAllowedRange
(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule
Number of failed local logins is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.
-
class
azure.mgmt.security.models.
FileType
(value)[source]¶ -
The type of the file (for Linux files - Executable is used)
-
DLL
= 'Dll'¶
-
EXE
= 'Exe'¶
-
EXECUTABLE
= 'Executable'¶
-
MSI
= 'Msi'¶
-
SCRIPT
= 'Script'¶
-
UNKNOWN
= 'Unknown'¶
-
-
class
azure.mgmt.security.models.
FileUploadsNotInAllowedRange
(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule
Number of file uploads is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.
-
class
azure.mgmt.security.models.
GcpCredentialsDetailsProperties
(*, organization_id: str, type: str, project_id: str, private_key_id: str, private_key: str, client_email: str, client_id: str, auth_uri: str, token_uri: str, auth_provider_x509_cert_url: str, client_x509_cert_url: str, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.AuthenticationDetailsProperties
GCP cloud account connector based service to service credentials, the credentials are composed of the organization ID and a JSON API key (write only).
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
authentication_provisioning_state (str or AuthenticationProvisioningState) – State of the multi-cloud connector. Possible values include: “Valid”, “Invalid”, “Expired”, “IncorrectPolicy”.
granted_permissions (list[str or PermissionProperty]) – The permissions detected in the cloud account.
- Parameters
authentication_type (str or AuthenticationType) – Required. Connect to your cloud account, for AWS use either account credentials or role-based authentication. For GCP use account organization credentials. Constant filled by server. Possible values include: “awsCreds”, “awsAssumeRole”, “gcpCredentials”.
organization_id (str) – Required. The organization ID of the GCP cloud account.
type (str) – Required. Type field of the API key (write only).
project_id (str) – Required. Project ID field of the API key (write only).
private_key_id (str) – Required. Private key ID field of the API key (write only).
private_key (str) – Required. Private key field of the API key (write only).
client_email (str) – Required. Client email field of the API key (write only).
client_id (str) – Required. Client ID field of the API key (write only).
auth_uri (str) – Required. Auth URI field of the API key (write only).
token_uri (str) – Required. Token URI field of the API key (write only).
auth_provider_x509_cert_url (str) – Required. Auth provider x509 certificate URL field of the API key (write only).
client_x509_cert_url (str) – Required. Client x509 certificate URL field of the API key (write only).
-
class
azure.mgmt.security.models.
HttpC2DMessagesNotInAllowedRange
(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule
Number of cloud to device messages (HTTP protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.
-
class
azure.mgmt.security.models.
HttpC2DRejectedMessagesNotInAllowedRange
(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule
Number of rejected cloud to device messages (HTTP protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.
-
class
azure.mgmt.security.models.
HttpD2CMessagesNotInAllowedRange
(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule
Number of device to cloud messages (HTTP protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in iso8601 format.
-
class
azure.mgmt.security.models.
HybridComputeProvisioningState
(value)[source]¶ -
State of the service principal and its secret
-
EXPIRED
= 'Expired'¶ The service principal details are expired.
-
INVALID
= 'Invalid'¶ Invalid service principal details.
-
VALID
= 'Valid'¶ Valid service principal details.
-
-
class
azure.mgmt.security.models.
HybridComputeSettingsProperties
(*, auto_provision: str, resource_group_name: Optional[str] = None, region: Optional[str] = None, proxy_server: Optional[azure.mgmt.security.models._models_py3.ProxyServerProperties] = None, service_principal: Optional[azure.mgmt.security.models._models_py3.ServicePrincipalProperties] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Settings for hybrid compute management.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
hybrid_compute_provisioning_state (str or HybridComputeProvisioningState) – State of the service principal and its secret. Possible values include: “Valid”, “Invalid”, “Expired”.
- Parameters
auto_provision (str or AutoProvision) – Required. Whether or not to automatically install Azure Arc (hybrid compute) agents on machines. Possible values include: “On”, “Off”.
resource_group_name (str) – The name of the resource group where Arc (Hybrid Compute) connectors are connected.
region (str) – The location where the metadata of machines will be stored.
proxy_server (ProxyServerProperties) – For a non-Azure machine that is not connected directly to the internet, specify a proxy server that the non-Azure machine can use.
service_principal (ServicePrincipalProperties) – An object to access resources that are secured by an Azure AD tenant.
-
class
azure.mgmt.security.models.
ImplementationEffort
(value)[source]¶ -
The implementation effort required to remediate this assessment
-
HIGH
= 'High'¶
-
LOW
= 'Low'¶
-
MODERATE
= 'Moderate'¶
-
-
class
azure.mgmt.security.models.
InformationProtectionKeyword
(*, pattern: Optional[str] = None, custom: Optional[bool] = None, can_be_numeric: Optional[bool] = None, excluded: Optional[bool] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
The information type keyword.
-
class
azure.mgmt.security.models.
InformationProtectionPolicy
(*, labels: Optional[Dict[str, azure.mgmt.security.models._models_py3.SensitivityLabel]] = None, information_types: Optional[Dict[str, azure.mgmt.security.models._models_py3.InformationType]] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Information protection policy.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
- Parameters
labels (dict[str, SensitivityLabel]) – Dictionary of sensitivity labels.
information_types (dict[str, InformationType]) – The sensitivity information types.
-
class
azure.mgmt.security.models.
InformationProtectionPolicyList
(*, value: Optional[List[azure.mgmt.security.models._models_py3.InformationProtectionPolicy]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Information protection policies response.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
value (list[InformationProtectionPolicy]) – List of information protection policies.
- Variables
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
InformationType
(*, display_name: Optional[str] = None, description: Optional[str] = None, order: Optional[int] = None, recommended_label_id: Optional[str] = None, enabled: Optional[bool] = None, custom: Optional[bool] = None, keywords: Optional[List[azure.mgmt.security.models._models_py3.InformationProtectionKeyword]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
The information type.
- Parameters
display_name (str) – The name of the information type.
description (str) – The description of the information type.
order (int) – The order of the information type.
recommended_label_id (str) – The recommended label id to be associated with this information type.
enabled (bool) – Indicates whether the information type is enabled or not.
custom (bool) – Indicates whether the information type is custom or not.
keywords (list[InformationProtectionKeyword]) – The information type keywords.
-
class
azure.mgmt.security.models.
IngestionConnectionString
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
Connection string for ingesting security data and logs.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
IngestionSetting
(*, properties: Optional[Any] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Configures how to correlate scan data and logs with resources associated with the subscription.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
IngestionSettingList
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
List of ingestion settings.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
value (list[IngestionSetting]) – List of ingestion settings.
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
IngestionSettingToken
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
Configures how to correlate scan data and logs with resources associated with the subscription.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
Intent
(value)[source]¶ -
The kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center’s supported kill chain intents.
-
COLLECTION
= 'Collection'¶ Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration.
-
COMMAND_AND_CONTROL
= 'CommandAndControl'¶ The command and control tactic represents how adversaries communicate with systems under their control within a target network.
-
CREDENTIAL_ACCESS
= 'CredentialAccess'¶ Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment.
-
DEFENSE_EVASION
= 'DefenseEvasion'¶ Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses.
-
DISCOVERY
= 'Discovery'¶ Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network.
-
EXECUTION
= 'Execution'¶ The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system.
-
EXFILTRATION
= 'Exfiltration'¶ Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network.
-
EXPLOITATION
= 'Exploitation'¶ Exploitation is the stage where an attacker manages to get a foothold on the attacked resource. This stage is relevant for compute hosts and resources such as user accounts, certificates etc.
-
IMPACT
= 'Impact'¶ Impact events primarily try to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process.
-
INITIAL_ACCESS
= 'InitialAccess'¶ InitialAccess is the stage where an attacker manages to get a foothold on the attacked resource.
-
LATERAL_MOVEMENT
= 'LateralMovement'¶ Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems.
-
PERSISTENCE
= 'Persistence'¶ Persistence is any access, action, or configuration change to a system that gives a threat actor a persistent presence on that system.
-
PRE_ATTACK
= 'PreAttack'¶ PreAttack could be either an attempt to access a certain resource regardless of a malicious intent, or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt, originating from outside the network, to scan the target system and find a way in. Further details on the PreAttack stage can be read in MITRE Pre-Att&ck matrix.
-
PRIVILEGE_ESCALATION
= 'PrivilegeEscalation'¶ Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network.
-
PROBING
= 'Probing'¶ Probing could be either an attempt to access a certain resource regardless of a malicious intent, or a failed attempt to gain access to a target system to gather information prior to exploitation.
-
UNKNOWN
= 'Unknown'¶ Unknown.
-
-
class
azure.mgmt.security.models.
IoTSecurityAggregatedAlert
(*, tags: Optional[Dict[str, str]] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
,azure.mgmt.security.models._models_py3.TagsResource
Security Solution Aggregated Alert information.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
- Variables
name (str) – Resource name.
alert_type (str) – Name of the alert type.
alert_display_name (str) – Display name of the alert type.
aggregated_date_utc (date) – Date of detection.
vendor_name (str) – Name of the organization that raised the alert.
reported_severity (str or ReportedSeverity) – Assessed alert severity. Possible values include: “Informational”, “Low”, “Medium”, “High”.
remediation_steps (str) – Recommended steps for remediation.
description (str) – Description of the suspected vulnerability and meaning.
count (long) – Number of alert occurrences within the aggregated time window.
effected_resource_type (str) – Azure resource ID of the resource that received the alerts.
system_source (str) – The type of the alerted resource (Azure, Non-Azure).
action_taken (str) – IoT Security solution alert response.
log_analytics_query (str) – Log analytics query for getting the list of affected devices/alerts.
top_devices_list (list[IoTSecurityAggregatedAlertPropertiesTopDevicesListItem]) – 10 devices with the highest number of occurrences of this alert type, on this day.
-
class
azure.mgmt.security.models.
IoTSecurityAggregatedAlertList
(*, value: List[azure.mgmt.security.models._models_py3.IoTSecurityAggregatedAlert], **kwargs)[source]¶ Bases:
msrest.serialization.Model
List of IoT Security solution aggregated alert data.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
value (list[IoTSecurityAggregatedAlert]) – Required. List of aggregated alerts data.
- Variables
next_link (str) – When there is too much alert data for one page, use this URI to fetch the next page.
-
class
azure.mgmt.security.models.
IoTSecurityAggregatedAlertPropertiesTopDevicesListItem
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
IoTSecurityAggregatedAlertPropertiesTopDevicesListItem.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
IoTSecurityAggregatedRecommendation
(*, tags: Optional[Dict[str, str]] = None, recommendation_name: Optional[str] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
,azure.mgmt.security.models._models_py3.TagsResource
IoT Security solution recommendation information.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
- Variables
name (str) – Resource name.
recommendation_display_name (str) – Display name of the recommendation type.
description (str) – Description of the suspected vulnerability and meaning.
recommendation_type_id (str) – Recommendation-type GUID.
detected_by (str) – Name of the organization that made the recommendation.
remediation_steps (str) – Recommended steps for remediation.
reported_severity (str or ReportedSeverity) – Assessed recommendation severity. Possible values include: “Informational”, “Low”, “Medium”, “High”.
healthy_devices (long) – Number of healthy devices within the IoT Security solution.
unhealthy_device_count (long) – Number of unhealthy devices within the IoT Security solution.
log_analytics_query (str) – Log analytics query for getting the list of affected devices/alerts.
-
class
azure.mgmt.security.models.
IoTSecurityAggregatedRecommendationList
(*, value: List[azure.mgmt.security.models._models_py3.IoTSecurityAggregatedRecommendation], **kwargs)[source]¶ Bases:
msrest.serialization.Model
List of IoT Security solution aggregated recommendations.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
value (list[IoTSecurityAggregatedRecommendation]) – Required. List of aggregated recommendations data.
- Variables
next_link (str) – When there is too much alert data for one page, use this URI to fetch the next page.
-
class
azure.mgmt.security.models.
IoTSecurityAlertedDevice
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
Statistical information about the number of alerts per device during the last set number of days.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
device_id (str) – Device identifier.
alerts_count (long) – Number of alerts raised for this device.
-
class
azure.mgmt.security.models.
IoTSecurityDeviceAlert
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
Statistical information about the number of alerts per alert type during the last set number of days.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
alert_display_name (str) – Display name of the alert.
reported_severity (str or ReportedSeverity) – Assessed Alert severity. Possible values include: “Informational”, “Low”, “Medium”, “High”.
alerts_count (long) – Number of alerts raised for this alert type.
-
class
azure.mgmt.security.models.
IoTSecurityDeviceRecommendation
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
Statistical information about the number of recommendations per device, per recommendation type.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
recommendation_display_name (str) – Display name of the recommendation.
reported_severity (str or ReportedSeverity) – Assessed recommendation severity. Possible values include: “Informational”, “Low”, “Medium”, “High”.
devices_count (long) – Number of devices with this recommendation.
-
class
azure.mgmt.security.models.
IoTSecuritySolutionAnalyticsModel
(*, top_alerted_devices: Optional[List[azure.mgmt.security.models._models_py3.IoTSecurityAlertedDevice]] = None, most_prevalent_device_alerts: Optional[List[azure.mgmt.security.models._models_py3.IoTSecurityDeviceAlert]] = None, most_prevalent_device_recommendations: Optional[List[azure.mgmt.security.models._models_py3.IoTSecurityDeviceRecommendation]] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Security analytics of your IoT Security solution.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
name (str) – Resource name.
metrics (IoTSeverityMetrics) – Security analytics of your IoT Security solution.
unhealthy_device_count (long) – Number of unhealthy devices within your IoT Security solution.
devices_metrics (list[IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem]) – List of device metrics by the aggregation date.
- Parameters
top_alerted_devices (list[IoTSecurityAlertedDevice]) – List of the 3 devices with the most alerts.
most_prevalent_device_alerts (list[IoTSecurityDeviceAlert]) – List of the 3 most prevalent device alerts.
most_prevalent_device_recommendations (list[IoTSecurityDeviceRecommendation]) – List of the 3 most prevalent device recommendations.
-
class
azure.mgmt.security.models.
IoTSecuritySolutionAnalyticsModelList
(*, value: List[azure.mgmt.security.models._models_py3.IoTSecuritySolutionAnalyticsModel], **kwargs)[source]¶ Bases:
msrest.serialization.Model
List of Security analytics of your IoT Security solution.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
value (list[IoTSecuritySolutionAnalyticsModel]) – Required. List of Security analytics of your IoT Security solution.
- Variables
next_link (str) – When there is too much alert data for one page, use this URI to fetch the next page.
-
class
azure.mgmt.security.models.
IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem
(*, date: Optional[datetime.datetime] = None, devices_metrics: Optional[azure.mgmt.security.models._models_py3.IoTSeverityMetrics] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
IoTSecuritySolutionAnalyticsModelPropertiesDevicesMetricsItem.
- Parameters
date (datetime) – Aggregation of IoT Security solution device alert metrics by date.
devices_metrics (IoTSeverityMetrics) – Device alert count by severity.
-
class
azure.mgmt.security.models.
IoTSecuritySolutionModel
(*, tags: Optional[Dict[str, str]] = None, location: Optional[str] = None, workspace: Optional[str] = None, display_name: Optional[str] = None, status: Optional[str] = 'Enabled', export: Optional[List[str]] = None, disabled_data_sources: Optional[List[str]] = None, iot_hubs: Optional[List[str]] = None, user_defined_resources: Optional[azure.mgmt.security.models._models_py3.UserDefinedResourcesProperties] = None, recommendations_configuration: Optional[List[azure.mgmt.security.models._models_py3.RecommendationConfigurationProperties]] = None, unmasked_ip_logging_status: Optional[str] = 'Disabled', additional_workspaces: Optional[List[azure.mgmt.security.models._models_py3.AdditionalWorkspacesProperties]] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
,azure.mgmt.security.models._models_py3.TagsResource
IoT Security solution configuration and resource information.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
location (str) – The resource location.
workspace (str) – Workspace resource ID.
display_name (str) – Resource display name.
status (str or SecuritySolutionStatus) – Status of the IoT Security solution. Possible values include: “Enabled”, “Disabled”. Default value: “Enabled”.
export (list[str or ExportData]) – List of additional options for exporting to workspace data.
disabled_data_sources (list[str or DataSource]) – Disabled data sources. Disabling these data sources compromises the system.
user_defined_resources (UserDefinedResourcesProperties) – Properties of the IoT Security solution’s user defined resources.
recommendations_configuration (list[RecommendationConfigurationProperties]) – List of the configuration status for each recommendation type.
unmasked_ip_logging_status (str or UnmaskedIpLoggingStatus) – Unmasked IP address logging status. Possible values include: “Disabled”, “Enabled”. Default value: “Disabled”.
additional_workspaces (list[AdditionalWorkspacesProperties]) – List of additional workspaces.
- Variables
name (str) – Resource name.
system_data (SystemData) – Azure Resource Manager metadata containing createdBy and modifiedBy information.
auto_discovered_resources (list[str]) – List of resources that were automatically discovered as relevant to the security solution.
-
class
azure.mgmt.security.models.
IoTSecuritySolutionsList
(*, value: List[azure.mgmt.security.models._models_py3.IoTSecuritySolutionModel], **kwargs)[source]¶ Bases:
msrest.serialization.Model
List of IoT Security solutions.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
value (list[IoTSecuritySolutionModel]) – Required. List of IoT Security solutions.
- Variables
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
IoTSeverityMetrics
(*, high: Optional[int] = None, medium: Optional[int] = None, low: Optional[int] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
IoT Security solution analytics severity metrics.
- Parameters
high (long) – Count of high severity alerts/recommendations.
medium (long) – Count of medium severity alerts/recommendations.
low (long) – Count of low severity alerts/recommendations.
-
class
azure.mgmt.security.models.
JitNetworkAccessPoliciesList
(*, value: Optional[List[azure.mgmt.security.models._models_py3.JitNetworkAccessPolicy]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
JitNetworkAccessPoliciesList.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
value (list[JitNetworkAccessPolicy]) –
- Variables
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
JitNetworkAccessPolicy
(*, virtual_machines: List[azure.mgmt.security.models._models_py3.JitNetworkAccessPolicyVirtualMachine], kind: Optional[str] = None, requests: Optional[List[azure.mgmt.security.models._models_py3.JitNetworkAccessRequest]] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
,azure.mgmt.security.models._models_py3.Kind
,azure.mgmt.security.models._models_py3.Location
JitNetworkAccessPolicy.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
kind (str) – Kind of the resource.
virtual_machines (list[JitNetworkAccessPolicyVirtualMachine]) – Required. Configurations for Microsoft.Compute/virtualMachines resource type.
requests (list[JitNetworkAccessRequest]) –
-
class
azure.mgmt.security.models.
JitNetworkAccessPolicyInitiatePort
(*, number: int, end_time_utc: datetime.datetime, allowed_source_address_prefix: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
JitNetworkAccessPolicyInitiatePort.
All required parameters must be populated in order to send to Azure.
-
class
azure.mgmt.security.models.
JitNetworkAccessPolicyInitiateRequest
(*, virtual_machines: List[azure.mgmt.security.models._models_py3.JitNetworkAccessPolicyInitiateVirtualMachine], justification: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
JitNetworkAccessPolicyInitiateRequest.
All required parameters must be populated in order to send to Azure.
- Parameters
virtual_machines (list[JitNetworkAccessPolicyInitiateVirtualMachine]) – Required. A list of virtual machines & ports to open access for.
justification (str) – The justification for making the initiate request.
-
class
azure.mgmt.security.models.
JitNetworkAccessPolicyInitiateVirtualMachine
(*, id: str, ports: List[azure.mgmt.security.models._models_py3.JitNetworkAccessPolicyInitiatePort], **kwargs)[source]¶ Bases:
msrest.serialization.Model
JitNetworkAccessPolicyInitiateVirtualMachine.
All required parameters must be populated in order to send to Azure.
- Parameters
id (str) – Required. Resource ID of the virtual machine that is linked to this policy.
ports (list[JitNetworkAccessPolicyInitiatePort]) – Required. The ports to open for the resource with the id.
-
class
azure.mgmt.security.models.
JitNetworkAccessPolicyVirtualMachine
(*, id: str, ports: List[azure.mgmt.security.models._models_py3.JitNetworkAccessPortRule], public_ip_address: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
JitNetworkAccessPolicyVirtualMachine.
All required parameters must be populated in order to send to Azure.
- Parameters
id (str) – Required. Resource ID of the virtual machine that is linked to this policy.
ports (list[JitNetworkAccessPortRule]) – Required. Port configurations for the virtual machine.
public_ip_address (str) – Public IP address of the Azure Firewall that is linked to this policy, if applicable.
-
class
azure.mgmt.security.models.
JitNetworkAccessPortRule
(*, number: int, protocol: str, max_request_access_duration: str, allowed_source_address_prefix: Optional[str] = None, allowed_source_address_prefixes: Optional[List[str]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
JitNetworkAccessPortRule.
All required parameters must be populated in order to send to Azure.
- Parameters
number (int) – Required.
protocol (str or ProtocolEnum) – Required. Possible values include: “TCP”, “UDP”, “*”.
allowed_source_address_prefix (str) – Mutually exclusive with the “allowedSourceAddressPrefixes” parameter. Should be an IP address or CIDR, for example “192.168.0.3” or “192.168.0.0/16”.
allowed_source_address_prefixes (list[str]) – Mutually exclusive with the “allowedSourceAddressPrefix” parameter.
max_request_access_duration (str) – Required. Maximum duration requests can be made for. In ISO 8601 duration format. Minimum 5 minutes, maximum 1 day.
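A pre-deployment lint for the port-rule constraints listed above, added here as an example and not part of the SDK. It works on plain dicts keyed by the model's parameter names, so it runs without azure-mgmt-security installed; the function names, the 1-65535 port range check and the sample policy are assumptions of this example.

```python
import ipaddress
import re
from datetime import timedelta

# Values documented on this page for ProtocolEnum and max_request_access_duration.
ALLOWED_PROTOCOLS = {"TCP", "UDP", "*"}
MIN_DURATION = timedelta(minutes=5)
MAX_DURATION = timedelta(days=1)

# ISO 8601 durations limited to day/hour/minute/second designators, which is
# all a 5-minute-to-1-day window needs (assumption of this example).
_DURATION_RE = re.compile(
    r"^P(?:(?P<days>\d+)D)?"
    r"(?:T(?:(?P<hours>\d+)H)?(?:(?P<minutes>\d+)M)?(?:(?P<seconds>\d+)S)?)?$"
)


def parse_iso8601_duration(text):
    """Return a timedelta for strings such as 'PT3H' or 'P1D'; raise ValueError otherwise."""
    match = _DURATION_RE.match(text) if isinstance(text, str) else None
    if not match or text.endswith("T"):
        raise ValueError(f"{text!r} is not an ISO 8601 duration")
    parts = {k: int(v) for k, v in match.groupdict().items() if v is not None}
    if not parts:  # bare 'P' carries no time component
        raise ValueError(f"{text!r} is not an ISO 8601 duration")
    return timedelta(**parts)


def is_ip_or_cidr(value):
    """True for a single IP address or a CIDR block, IPv4 or IPv6."""
    if not isinstance(value, str):
        return False
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False


def validate_port_rule(rule):
    """Check one JitNetworkAccessPortRule-shaped dict; return a list of findings."""
    findings = []
    number = rule.get("number")
    # Port range is a general TCP/UDP fact, not a constraint stated on the page.
    if isinstance(number, bool) or not isinstance(number, int) or not 1 <= number <= 65535:
        findings.append("number: required, must be an integer port (1-65535)")
    if rule.get("protocol") not in ALLOWED_PROTOCOLS:
        findings.append("protocol: must be one of TCP, UDP, *")
    single = rule.get("allowed_source_address_prefix")
    many = rule.get("allowed_source_address_prefixes")
    if single is not None and many is not None:
        findings.append("allowed_source_address_prefix(es): mutually exclusive, both set")
    for value in ([single] if single is not None else []) + list(many or []):
        # Anything that is not an IP or CIDR (a wildcard, a hostname) is reported for review.
        if not is_ip_or_cidr(value):
            findings.append(f"source prefix {value!r}: not an IP address or CIDR")
    try:
        duration = parse_iso8601_duration(rule.get("max_request_access_duration"))
    except ValueError as exc:
        findings.append(f"max_request_access_duration: {exc}")
    else:
        if not MIN_DURATION <= duration <= MAX_DURATION:
            findings.append("max_request_access_duration: outside 5 minutes to 1 day")
    return findings


def lint_policy(policy):
    """Map (vm id, port number) to findings for every failing rule in a policy dict."""
    report = {}
    for vm in policy.get("virtual_machines", []):
        for rule in vm.get("ports", []):
            findings = validate_port_rule(rule)
            if findings:
                report[(vm.get("id"), rule.get("number"))] = findings
    return report


# Constructed sample input; the resource ID is a placeholder, not a real VM.
CONSTRUCTED_POLICY = {
    "virtual_machines": [{
        "id": "/subscriptions/<subscription-id>/resourceGroups/<rg>"
              "/providers/Microsoft.Compute/virtualMachines/<vm-name>",
        "ports": [
            {"number": 22, "protocol": "TCP",
             "allowed_source_address_prefix": "192.168.0.0/16",
             "max_request_access_duration": "PT3H"},
            {"number": 3389, "protocol": "ICMP",
             "allowed_source_address_prefix": "192.168.0.3",
             "allowed_source_address_prefixes": ["10.0.0.0/8"],
             "max_request_access_duration": "PT2M"},
        ],
    }]
}

if __name__ == "__main__":
    for key, problems in lint_policy(CONSTRUCTED_POLICY).items():
        print(key[1], problems)
```
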
-
class
azure.mgmt.security.models.
JitNetworkAccessRequest
(*, virtual_machines: List[azure.mgmt.security.models._models_py3.JitNetworkAccessRequestVirtualMachine], start_time_utc: datetime.datetime, requestor: str, justification: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
JitNetworkAccessRequest.
All required parameters must be populated in order to send to Azure.
- Parameters
virtual_machines (list[JitNetworkAccessRequestVirtualMachine]) – Required.
start_time_utc (datetime) – Required. The start time of the request in UTC.
requestor (str) – Required. The identity of the person who made the request.
justification (str) – The justification for making the initiate request.
-
class
azure.mgmt.security.models.
JitNetworkAccessRequestPort
(*, number: int, end_time_utc: datetime.datetime, status: str, status_reason: str, allowed_source_address_prefix: Optional[str] = None, allowed_source_address_prefixes: Optional[List[str]] = None, mapped_port: Optional[int] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
JitNetworkAccessRequestPort.
All required parameters must be populated in order to send to Azure.
- Parameters
number (int) – Required.
allowed_source_address_prefix (str) – Mutually exclusive with the “allowedSourceAddressPrefixes” parameter. Should be an IP address or CIDR, for example “192.168.0.3” or “192.168.0.0/16”.
allowed_source_address_prefixes (list[str]) – Mutually exclusive with the “allowedSourceAddressPrefix” parameter.
end_time_utc (datetime) – Required. The date & time at which the request ends in UTC.
status (str or Status) – Required. The status of the port. Possible values include: “Revoked”, “Initiated”.
status_reason (str or StatusReason) – Required. A description of why the status has its value. Possible values include: “Expired”, “UserRequested”, “NewerRequestInitiated”.
mapped_port (int) – The port which is mapped to this port’s number in the Azure Firewall, if applicable.
-
class
azure.mgmt.security.models.
JitNetworkAccessRequestVirtualMachine
(*, id: str, ports: List[azure.mgmt.security.models._models_py3.JitNetworkAccessRequestPort], **kwargs)[source]¶ Bases:
msrest.serialization.Model
JitNetworkAccessRequestVirtualMachine.
All required parameters must be populated in order to send to Azure.
- Parameters
id (str) – Required. Resource ID of the virtual machine that is linked to this policy.
ports (list[JitNetworkAccessRequestPort]) – Required. The ports that were opened for the virtual machine.
-
class
azure.mgmt.security.models.
Kind
(*, kind: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Describes an Azure resource with kind.
- Parameters
kind (str) – Kind of the resource.
-
class
azure.mgmt.security.models.
KindEnum
(value)[source]¶ -
The kind of alert simulation.
-
BUNDLES
= 'Bundles'¶ Simulate alerts according to bundles.
-
-
class
azure.mgmt.security.models.
ListCustomAlertRule
(*, is_enabled: bool, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.CustomAlertRule
A List custom alert rule.
You probably want to use the sub-classes and not this class directly. Known sub-classes are: AllowlistCustomAlertRule, DenylistCustomAlertRule.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
-
class
azure.mgmt.security.models.
LocalUserNotAllowed
(*, is_enabled: bool, allowlist_values: List[str], **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.AllowlistCustomAlertRule
Login by a local user that isn’t allowed. Allow list consists of login names to allow.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
-
class
azure.mgmt.security.models.
Location
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
Describes an Azure resource with location.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
location (str) – Location where the resource is stored.
-
class
azure.mgmt.security.models.
LogAnalyticsIdentifier
(**kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.ResourceIdentifier
Represents a Log Analytics workspace scope identifier.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
type (str or ResourceIdentifierType) – Required. There can be multiple identifiers of different types per alert; this field specifies the identifier type. Constant filled by server. Possible values include: “AzureResource”, “LogAnalytics”.
- Variables
workspace_id (str) – The LogAnalytics workspace id that stores this alert.
workspace_subscription_id (str) – The Azure subscription id for the LogAnalytics workspace storing this alert.
workspace_resource_group (str) – The Azure resource group for the LogAnalytics workspace storing this alert.
agent_id (str) – (optional) The LogAnalytics agent id reporting the event that this alert is based on.
-
class
azure.mgmt.security.models.
MqttC2DMessagesNotInAllowedRange
(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule
Number of cloud to device messages (MQTT protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in ISO 8601 format.
-
class
azure.mgmt.security.models.
MqttC2DRejectedMessagesNotInAllowedRange
(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule
Number of rejected cloud to device messages (MQTT protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in ISO 8601 format.
-
class
azure.mgmt.security.models.
MqttD2CMessagesNotInAllowedRange
(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule
Number of device to cloud messages (MQTT protocol) is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in ISO 8601 format.
-
class
azure.mgmt.security.models.
OnPremiseResourceDetails
(*, workspace_id: str, vmuuid: str, source_computer_id: str, machine_name: str, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.ResourceDetails
Details of the On Premise resource that was assessed.
You probably want to use the sub-classes and not this class directly. Known sub-classes are: OnPremiseSqlResourceDetails.
All required parameters must be populated in order to send to Azure.
- Parameters
source (str or Source) – Required. The platform where the assessed resource resides. Constant filled by server. Possible values include: “Azure”, “OnPremise”, “OnPremiseSql”.
workspace_id (str) – Required. Azure resource Id of the workspace the machine is attached to.
vmuuid (str) – Required. The unique Id of the machine.
source_computer_id (str) – Required. The oms agent Id installed on the machine.
machine_name (str) – Required. The name of the machine.
-
class
azure.mgmt.security.models.
OnPremiseSqlResourceDetails
(*, workspace_id: str, vmuuid: str, source_computer_id: str, machine_name: str, server_name: str, database_name: str, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.OnPremiseResourceDetails
Details of the On Premise Sql resource that was assessed.
All required parameters must be populated in order to send to Azure.
- Parameters
source (str or Source) – Required. The platform where the assessed resource resides. Constant filled by server. Possible values include: “Azure”, “OnPremise”, “OnPremiseSql”.
workspace_id (str) – Required. Azure resource Id of the workspace the machine is attached to.
vmuuid (str) – Required. The unique Id of the machine.
source_computer_id (str) – Required. The oms agent Id installed on the machine.
machine_name (str) – Required. The name of the machine.
server_name (str) – Required. The Sql server name installed on the machine.
database_name (str) – Required. The Sql database name installed on the machine.
-
class
azure.mgmt.security.models.
Operation
(*, display: Optional[azure.mgmt.security.models._models_py3.OperationDisplay] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Possible operation in the REST API of Microsoft.Security.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
- Parameters
display (OperationDisplay) – Security operation display.
-
class
azure.mgmt.security.models.
OperationDisplay
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
Security operation display.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
OperationList
(*, value: Optional[List[azure.mgmt.security.models._models_py3.Operation]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
List of possible operations for Microsoft.Security resource provider.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
Operator
(value)[source]¶ -
A valid comparison operator to use. A case-insensitive comparison will be applied for String PropertyType.
-
CONTAINS
= 'Contains'¶ Applies only for non-decimal operands.
-
ENDS_WITH
= 'EndsWith'¶ Applies only for non-decimal operands.
-
EQUALS
= 'Equals'¶ Applies for decimal and non-decimal operands.
-
GREATER_THAN
= 'GreaterThan'¶ Applies only for decimal operands.
-
GREATER_THAN_OR_EQUAL_TO
= 'GreaterThanOrEqualTo'¶ Applies only for decimal operands.
-
LESSER_THAN
= 'LesserThan'¶ Applies only for decimal operands.
-
LESSER_THAN_OR_EQUAL_TO
= 'LesserThanOrEqualTo'¶ Applies only for decimal operands.
-
NOT_EQUALS
= 'NotEquals'¶ Applies for decimal and non-decimal operands.
-
STARTS_WITH
= 'StartsWith'¶ Applies only for non-decimal operands.
-
-
class
azure.mgmt.security.models.
PathRecommendation
(*, path: Optional[str] = None, action: Optional[str] = None, type: Optional[str] = None, publisher_info: Optional[azure.mgmt.security.models._models_py3.PublisherInfo] = None, common: Optional[bool] = None, user_sids: Optional[List[str]] = None, usernames: Optional[List[azure.mgmt.security.models._models_py3.UserRecommendation]] = None, file_type: Optional[str] = None, configuration_status: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Represents a path that is recommended to be allowed and its properties.
- Parameters
path (str) – The full path of the file, or an identifier of the application.
action (str or RecommendationAction) – The recommendation action of the machine or rule. Possible values include: “Recommended”, “Add”, “Remove”.
type (str or RecommendationType) – The type of IoT Security recommendation. Possible values include: “IoT_ACRAuthentication”, “IoT_AgentSendsUnutilizedMessages”, “IoT_Baseline”, “IoT_EdgeHubMemOptimize”, “IoT_EdgeLoggingOptions”, “IoT_InconsistentModuleSettings”, “IoT_InstallAgent”, “IoT_IPFilter_DenyAll”, “IoT_IPFilter_PermissiveRule”, “IoT_OpenPorts”, “IoT_PermissiveFirewallPolicy”, “IoT_PermissiveInputFirewallRules”, “IoT_PermissiveOutputFirewallRules”, “IoT_PrivilegedDockerOptions”, “IoT_SharedCredentials”, “IoT_VulnerableTLSCipherSuite”.
publisher_info (PublisherInfo) – Represents the publisher information of a process/rule.
common (bool) – Whether the application is commonly run on the machine.
usernames (list[UserRecommendation]) –
file_type (str or FileType) – The type of the file (for Linux files - Executable is used). Possible values include: “Exe”, “Dll”, “Msi”, “Script”, “Executable”, “Unknown”.
configuration_status (str or ConfigurationStatus) – The configuration status of the machines group or machine or rule. Possible values include: “Configured”, “NotConfigured”, “InProgress”, “Failed”, “NoStatus”.
-
class
azure.mgmt.security.models.
PermissionProperty
(value)[source]¶ -
A permission detected in the cloud account.
-
AWS_AMAZON_SSM_AUTOMATION_ROLE
= 'AWS::AmazonSSMAutomationRole'¶ The permission provides for EC2 Automation service to execute activities defined within Automation documents.
-
AWS_AWS_SECURITY_HUB_READ_ONLY_ACCESS
= 'AWS::AWSSecurityHubReadOnlyAccess'¶ This permission provides read only access to AWS Security Hub resources.
-
AWS_SECURITY_AUDIT
= 'AWS::SecurityAudit'¶ This permission grants access to read security configuration metadata.
-
GCP_SECURITY_CENTER_ADMIN_VIEWER
= 'GCP::Security Center Admin Viewer'¶ This permission provides read only access to GCP Security Command Center.
-
-
class
azure.mgmt.security.models.
Pricing
(*, pricing_tier: Optional[str] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
- Parameters
pricing_tier (str or PricingTier) – The pricing tier value. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. Possible values include: “Free”, “Standard”.
-
class
azure.mgmt.security.models.
PricingList
(*, value: List[azure.mgmt.security.models._models_py3.Pricing], **kwargs)[source]¶ Bases:
msrest.serialization.Model
List of pricing configurations response.
All required parameters must be populated in order to send to Azure.
-
class
azure.mgmt.security.models.
PricingTier
(value)[source]¶ -
The pricing tier value. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
-
FREE
= 'Free'¶ Get free Azure security center experience with basic security features.
-
STANDARD
= 'Standard'¶ Get the standard Azure security center experience with advanced security features.
-
-
class
azure.mgmt.security.models.
ProcessNotAllowed
(*, is_enabled: bool, allowlist_values: List[str], **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.AllowlistCustomAlertRule
Execution of a process that isn’t allowed. Allow list consists of process names to allow.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
-
class
azure.mgmt.security.models.
PropertyType
(value)[source]¶ -
The data type of the compared operands (string, integer, floating point number or a boolean [true/false]).
-
BOOLEAN
= 'Boolean'¶
-
INTEGER
= 'Integer'¶
-
NUMBER
= 'Number'¶
-
STRING
= 'String'¶
-
-
class
azure.mgmt.security.models.
ProtectionMode
(*, exe: Optional[str] = None, msi: Optional[str] = None, script: Optional[str] = None, executable: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux.
- Parameters
exe (str or EnforcementMode) – The application control policy enforcement/protection mode of the machine group. Possible values include: “Audit”, “Enforce”, “None”.
msi (str or EnforcementMode) – The application control policy enforcement/protection mode of the machine group. Possible values include: “Audit”, “Enforce”, “None”.
script (str or EnforcementMode) – The application control policy enforcement/protection mode of the machine group. Possible values include: “Audit”, “Enforce”, “None”.
executable (str or EnforcementMode) – The application control policy enforcement/protection mode of the machine group. Possible values include: “Audit”, “Enforce”, “None”.
-
class
azure.mgmt.security.models.
ProtocolEnum
(value)[source]¶ -
An enumeration.
-
ALL
= '*'¶
-
TCP
= 'TCP'¶
-
UDP
= 'UDP'¶
-
-
class
azure.mgmt.security.models.
ProvisioningState
(value)[source]¶ -
The security family provisioning State
-
FAILED
= 'Failed'¶
-
SUCCEEDED
= 'Succeeded'¶
-
UPDATING
= 'Updating'¶
-
-
class
azure.mgmt.security.models.
ProxyServerProperties
(*, ip: Optional[str] = None, port: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
For a non-Azure machine that is not connected directly to the internet, specify a proxy server that the non-Azure machine can use.
-
class
azure.mgmt.security.models.
PublisherInfo
(*, publisher_name: Optional[str] = None, product_name: Optional[str] = None, binary_name: Optional[str] = None, version: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Represents the publisher information of a process/rule.
- Parameters
publisher_name (str) – The Subject field of the x.509 certificate used to sign the code, using the following fields - O = Organization, L = Locality, S = State or Province, and C = Country.
product_name (str) – The product name taken from the file’s version resource.
binary_name (str) – The “OriginalName” field taken from the file’s version resource.
version (str) – The binary file version taken from the file’s version resource.
-
class
azure.mgmt.security.models.
QueryCheck
(*, query: Optional[str] = None, expected_result: Optional[List[List[str]]] = None, column_names: Optional[List[str]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
The rule query details.
-
class
azure.mgmt.security.models.
QueuePurgesNotInAllowedRange
(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule
Number of device queue purges is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in ISO 8601 format.
-
class
azure.mgmt.security.models.
Rank
(value)[source]¶ -
The rank of the sensitivity label.
-
CRITICAL
= 'Critical'¶
-
HIGH
= 'High'¶
-
LOW
= 'Low'¶
-
MEDIUM
= 'Medium'¶
-
NONE
= 'None'¶
-
-
class
azure.mgmt.security.models.
RecommendationAction
(value)[source]¶ -
The recommendation action of the machine or rule
-
ADD
= 'Add'¶
-
RECOMMENDED
= 'Recommended'¶
-
REMOVE
= 'Remove'¶
-
-
class
azure.mgmt.security.models.
RecommendationConfigStatus
(value)[source]¶ -
Recommendation status. When the recommendation status is disabled recommendations are not generated.
-
DISABLED
= 'Disabled'¶
-
ENABLED
= 'Enabled'¶
-
-
class
azure.mgmt.security.models.
RecommendationConfigurationProperties
(*, recommendation_type: str, status: str = 'Enabled', **kwargs)[source]¶ Bases:
msrest.serialization.Model
The type of IoT Security recommendation.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
recommendation_type (str or RecommendationType) – Required. The type of IoT Security recommendation. Possible values include: “IoT_ACRAuthentication”, “IoT_AgentSendsUnutilizedMessages”, “IoT_Baseline”, “IoT_EdgeHubMemOptimize”, “IoT_EdgeLoggingOptions”, “IoT_InconsistentModuleSettings”, “IoT_InstallAgent”, “IoT_IPFilter_DenyAll”, “IoT_IPFilter_PermissiveRule”, “IoT_OpenPorts”, “IoT_PermissiveFirewallPolicy”, “IoT_PermissiveInputFirewallRules”, “IoT_PermissiveOutputFirewallRules”, “IoT_PrivilegedDockerOptions”, “IoT_SharedCredentials”, “IoT_VulnerableTLSCipherSuite”.
status (str or RecommendationConfigStatus) – Required. Recommendation status. When the recommendation status is disabled recommendations are not generated. Possible values include: “Disabled”, “Enabled”. Default value: “Enabled”.
- Variables
name (str) –
-
class
azure.mgmt.security.models.
RecommendationStatus
(value)[source]¶ -
The initial recommendation status of the machine group or machine
-
NOT_AVAILABLE
= 'NotAvailable'¶
-
NOT_RECOMMENDED
= 'NotRecommended'¶
-
NO_STATUS
= 'NoStatus'¶
-
RECOMMENDED
= 'Recommended'¶
-
-
class
azure.mgmt.security.models.
RecommendationType
(value)[source]¶ -
The type of IoT Security recommendation.
-
IO_T_ACRAUTHENTICATION
= 'IoT_ACRAuthentication'¶ Authentication schema used to pull an edge module from an ACR repository does not use Service Principal Authentication.
-
IO_T_AGENT_SENDS_UNUTILIZED_MESSAGES
= 'IoT_AgentSendsUnutilizedMessages'¶ IoT agent message size capacity is currently underutilized, causing an increase in the number of sent messages. Adjust message intervals for better utilization.
-
IO_T_BASELINE
= 'IoT_Baseline'¶ Identified security related system configuration issues.
-
IO_T_EDGE_HUB_MEM_OPTIMIZE
= 'IoT_EdgeHubMemOptimize'¶ You can optimize Edge Hub memory usage by turning off protocol heads for any protocols not used by Edge modules in your solution.
-
IO_T_EDGE_LOGGING_OPTIONS
= 'IoT_EdgeLoggingOptions'¶ Logging is disabled for this edge module.
-
IO_T_INCONSISTENT_MODULE_SETTINGS
= 'IoT_InconsistentModuleSettings'¶ A minority within a device security group has inconsistent Edge Module settings with the rest of their group.
-
IO_T_INSTALL_AGENT
= 'IoT_InstallAgent'¶ Install the Azure Security of Things Agent.
-
IO_T_IPFILTER_DENY_ALL
= 'IoT_IPFilter_DenyAll'¶ IP Filter Configuration should have rules defined for allowed traffic and should deny all other traffic by default.
-
IO_T_IPFILTER_PERMISSIVE_RULE
= 'IoT_IPFilter_PermissiveRule'¶ An Allow IP Filter rule's source IP range is too large. Overly permissive rules might expose your IoT hub to malicious actors.
-
IO_T_OPEN_PORTS
= 'IoT_OpenPorts'¶ A listening endpoint was found on the device.
-
IO_T_PERMISSIVE_FIREWALL_POLICY
= 'IoT_PermissiveFirewallPolicy'¶ An Allowed firewall policy was found (INPUT/OUTPUT). The policy should Deny all traffic by default and define rules to allow necessary communication to/from the device.
-
IO_T_PERMISSIVE_INPUT_FIREWALL_RULES
= 'IoT_PermissiveInputFirewallRules'¶ A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.
-
IO_T_PERMISSIVE_OUTPUT_FIREWALL_RULES
= 'IoT_PermissiveOutputFirewallRules'¶ A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.
-
IO_T_PRIVILEGED_DOCKER_OPTIONS
= 'IoT_PrivilegedDockerOptions'¶ Edge module is configured to run in privileged mode, with extensive Linux capabilities or with host-level network access (send/receive data to host machine).
-
IO_T_SHARED_CREDENTIALS
= 'IoT_SharedCredentials'¶ The same authentication credentials to the IoT Hub are used by multiple devices. This could indicate an illegitimate device impersonating a legitimate device. It also exposes the risk of device impersonation by an attacker.
-
IO_T_VULNERABLE_TLS_CIPHER_SUITE
= 'IoT_VulnerableTLSCipherSuite'¶ Insecure TLS configurations detected. Immediate upgrade recommended.
-
-
class
azure.mgmt.security.models.
RegulatoryComplianceAssessment
(*, state: Optional[str] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Regulatory compliance assessment details and state.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
name (str) – Resource name.
description (str) – The description of the regulatory compliance assessment.
assessment_type (str) – The expected type of assessment contained in the AssessmentDetailsLink.
assessment_details_link (str) – Link to more detailed assessment results data. The response type will be according to the assessmentType field.
passed_resources (int) – The given assessment’s related resources count with passed state.
failed_resources (int) – The given assessment’s related resources count with failed state.
skipped_resources (int) – The given assessment’s related resources count with skipped state.
unsupported_resources (int) – The given assessment’s related resources count with unsupported state.
- Parameters
state (str or State) – Aggregative state based on the assessment’s scanned resources states. Possible values include: “Passed”, “Failed”, “Skipped”, “Unsupported”.
-
class
azure.mgmt.security.models.
RegulatoryComplianceAssessmentList
(*, value: List[azure.mgmt.security.models._models_py3.RegulatoryComplianceAssessment], **kwargs)[source]¶ Bases:
msrest.serialization.Model
List of regulatory compliance assessment response.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
value (list[RegulatoryComplianceAssessment]) – Required.
- Variables
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
RegulatoryComplianceControl
(*, state: Optional[str] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Regulatory compliance control details and state.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
name (str) – Resource name.
description (str) – The description of the regulatory compliance control.
passed_assessments (int) – The number of supported regulatory compliance assessments of the given control with a passed state.
failed_assessments (int) – The number of supported regulatory compliance assessments of the given control with a failed state.
skipped_assessments (int) – The number of supported regulatory compliance assessments of the given control with a skipped state.
- Parameters
state (str or State) – Aggregative state based on the control’s supported assessments states. Possible values include: “Passed”, “Failed”, “Skipped”, “Unsupported”.
-
class
azure.mgmt.security.models.
RegulatoryComplianceControlList
(*, value: List[azure.mgmt.security.models._models_py3.RegulatoryComplianceControl], **kwargs)[source]¶ Bases:
msrest.serialization.Model
List of regulatory compliance controls response.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
value (list[RegulatoryComplianceControl]) – Required. List of regulatory compliance controls.
- Variables
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
RegulatoryComplianceStandard
(*, state: Optional[str] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Regulatory compliance standard details and state.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
name (str) – Resource name.
passed_controls (int) – The number of supported regulatory compliance controls of the given standard with a passed state.
failed_controls (int) – The number of supported regulatory compliance controls of the given standard with a failed state.
skipped_controls (int) – The number of supported regulatory compliance controls of the given standard with a skipped state.
unsupported_controls (int) – The number of regulatory compliance controls of the given standard which are unsupported by automated assessments.
- Parameters
state (str or State) – Aggregative state based on the standard’s supported controls states. Possible values include: “Passed”, “Failed”, “Skipped”, “Unsupported”.
-
class
azure.mgmt.security.models.
RegulatoryComplianceStandardList
(*, value: List[azure.mgmt.security.models._models_py3.RegulatoryComplianceStandard], **kwargs)[source]¶ Bases:
msrest.serialization.Model
List of regulatory compliance standards response.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
value (list[RegulatoryComplianceStandard]) – Required.
- Variables
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
Remediation
(*, description: Optional[str] = None, scripts: Optional[List[str]] = None, automated: Optional[bool] = None, portal_link: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Remediation details.
-
class
azure.mgmt.security.models.
ReportedSeverity
(value)[source]¶ -
Assessed alert severity.
-
HIGH
= 'High'¶
-
INFORMATIONAL
= 'Informational'¶
-
LOW
= 'Low'¶
-
MEDIUM
= 'Medium'¶
-
-
class
azure.mgmt.security.models.
Resource
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
Describes an Azure resource.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
ResourceDetails
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
Details of the resource that was assessed.
You probably want to use the sub-classes and not this class directly. Known sub-classes are: AzureResourceDetails, OnPremiseResourceDetails.
All required parameters must be populated in order to send to Azure.
-
class
azure.mgmt.security.models.
ResourceIdentifier
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
A resource identifier for an alert which can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.).
You probably want to use the sub-classes and not this class directly. Known sub-classes are: AzureResourceIdentifier, LogAnalyticsIdentifier.
All required parameters must be populated in order to send to Azure.
- Parameters
type (str or ResourceIdentifierType) – Required. There can be multiple identifiers of different types per alert; this field specifies the identifier type. Constant filled by server. Possible values include: “AzureResource”, “LogAnalytics”.
-
class
azure.mgmt.security.models.
ResourceIdentifierType
(value)[source]¶ -
There can be multiple identifiers of different types per alert; this field specifies the identifier type.
-
AZURE_RESOURCE
= 'AzureResource'¶
-
LOG_ANALYTICS
= 'LogAnalytics'¶
-
-
class
azure.mgmt.security.models.
ResourceStatus
(value)[source]¶ -
The status of the resource regarding a single assessment
-
HEALTHY
= 'Healthy'¶ This assessment on the resource is healthy.
-
NOT_APPLICABLE
= 'NotApplicable'¶ This assessment is not applicable to this resource.
-
NOT_HEALTHY
= 'NotHealthy'¶ This assessment on the resource is not healthy.
-
OFF_BY_POLICY
= 'OffByPolicy'¶ This assessment is turned off by policy on this subscription.
-
-
class
azure.mgmt.security.models.
Rule
(*, name: Optional[str] = None, direction: Optional[str] = None, destination_port: Optional[int] = None, protocols: Optional[List[str]] = None, ip_addresses: Optional[List[str]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Describes remote addresses that are recommended to communicate with the Azure resource on some (Protocol, Port, Direction). All other remote addresses are recommended to be blocked.
- Parameters
name (str) – The name of the rule.
direction (str or Direction) – The rule’s direction. Possible values include: “Inbound”, “Outbound”.
destination_port (int) – The rule’s destination port.
protocols (list[str or TransportProtocol]) – The rule’s transport protocols.
ip_addresses (list[str]) – The remote IP addresses that should be able to communicate with the Azure resource on the rule’s destination port and protocol.
-
class
azure.mgmt.security.models.
RuleResults
(*, properties: Optional[azure.mgmt.security.models._models_py3.RuleResultsProperties] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Rule results.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
RuleResultsInput
(*, latest_scan: Optional[bool] = None, results: Optional[List[List[str]]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Rule results input.
-
class
azure.mgmt.security.models.
RuleResultsProperties
(*, results: Optional[List[List[str]]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Rule results properties.
-
class
azure.mgmt.security.models.
RuleSeverity
(value)[source]¶ -
The rule severity.
-
HIGH
= 'High'¶ High.
-
INFORMATIONAL
= 'Informational'¶ Informational.
-
LOW
= 'Low'¶ Low.
-
MEDIUM
= 'Medium'¶ Medium.
-
OBSOLETE
= 'Obsolete'¶ Obsolete.
-
-
class
azure.mgmt.security.models.
RuleState
(value)[source]¶ -
Possible states of the rule
-
DISABLED
= 'Disabled'¶
-
ENABLED
= 'Enabled'¶
-
EXPIRED
= 'Expired'¶
-
-
class
azure.mgmt.security.models.
RuleStatus
(value)[source]¶ -
The rule result status.
-
FINDING
= 'Finding'¶ Finding.
-
INTERNAL_ERROR
= 'InternalError'¶ InternalError.
-
NON_FINDING
= 'NonFinding'¶ NonFinding.
-
-
class
azure.mgmt.security.models.
RuleType
(value)[source]¶ -
The rule type.
-
BASELINE_EXPECTED
= 'BaselineExpected'¶ BaselineExpected.
-
BINARY
= 'Binary'¶ Binary.
-
NEGATIVE_LIST
= 'NegativeList'¶ NegativeList.
-
POSITIVE_LIST
= 'PositiveList'¶ PositiveList.
-
-
class
azure.mgmt.security.models.
RulesResults
(*, value: Optional[List[azure.mgmt.security.models._models_py3.RuleResults]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
A list of rules results.
- Parameters
value (list[RuleResults]) – List of rule results.
-
class
azure.mgmt.security.models.
RulesResultsInput
(*, latest_scan: Optional[bool] = None, results: Optional[Dict[str, List[List[str]]]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Rules results input.
-
class
azure.mgmt.security.models.
Scan
(*, properties: Optional[azure.mgmt.security.models._models_py3.ScanProperties] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
A vulnerability assessment scan record.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
ScanProperties
(*, trigger_type: Optional[str] = None, state: Optional[str] = None, server: Optional[str] = None, database: Optional[str] = None, sql_version: Optional[str] = None, start_time: Optional[datetime.datetime] = None, end_time: Optional[datetime.datetime] = None, high_severity_failed_rules_count: Optional[int] = None, medium_severity_failed_rules_count: Optional[int] = None, low_severity_failed_rules_count: Optional[int] = None, total_passed_rules_count: Optional[int] = None, total_failed_rules_count: Optional[int] = None, total_rules_count: Optional[int] = None, is_baseline_applied: Optional[bool] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
A vulnerability assessment scan record properties.
- Parameters
trigger_type (str or ScanTriggerType) – The scan trigger type. Possible values include: “OnDemand”, “Recurring”.
state (str or ScanState) – The scan status. Possible values include: “Failed”, “FailedToRun”, “InProgress”, “Passed”.
server (str) – The server name.
database (str) – The database name.
sql_version (str) – The SQL version.
start_time (datetime) – The scan start time (UTC).
end_time (datetime) – Scan results are valid until end time (UTC).
high_severity_failed_rules_count (int) – The number of failed rules with high severity.
medium_severity_failed_rules_count (int) – The number of failed rules with medium severity.
low_severity_failed_rules_count (int) – The number of failed rules with low severity.
total_passed_rules_count (int) – The number of total passed rules.
total_failed_rules_count (int) – The number of total failed rules.
total_rules_count (int) – The number of total rules assessed.
is_baseline_applied (bool) – Baseline created for this database, and has one or more rules.
-
class
azure.mgmt.security.models.
ScanResult
(*, properties: Optional[azure.mgmt.security.models._models_py3.ScanResultProperties] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
A vulnerability assessment scan result for a single rule.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
ScanResultProperties
(*, rule_id: Optional[str] = None, status: Optional[str] = None, is_trimmed: Optional[bool] = None, query_results: Optional[List[List[str]]] = None, remediation: Optional[azure.mgmt.security.models._models_py3.Remediation] = None, baseline_adjusted_result: Optional[azure.mgmt.security.models._models_py3.BaselineAdjustedResult] = None, rule_metadata: Optional[azure.mgmt.security.models._models_py3.VaRule] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
A vulnerability assessment scan result properties for a single rule.
- Parameters
rule_id (str) – The rule Id.
status (str or RuleStatus) – The rule result status. Possible values include: “NonFinding”, “Finding”, “InternalError”.
is_trimmed (bool) – Indicates whether the results specified here are trimmed.
query_results (list[list[str]]) – The results of the query that was run.
remediation (Remediation) – Remediation details.
baseline_adjusted_result (BaselineAdjustedResult) – The rule result adjusted with baseline.
rule_metadata (VaRule) – Vulnerability assessment rule metadata details.
-
class
azure.mgmt.security.models.
ScanResults
(*, value: Optional[List[azure.mgmt.security.models._models_py3.ScanResult]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
A list of vulnerability assessment scan results.
- Parameters
value (list[ScanResult]) – List of vulnerability assessment scan results.
-
class
azure.mgmt.security.models.
ScanState
(value)[source]¶ -
The scan status.
-
FAILED
= 'Failed'¶ Failed.
-
FAILED_TO_RUN
= 'FailedToRun'¶ FailedToRun.
-
IN_PROGRESS
= 'InProgress'¶ InProgress.
-
PASSED
= 'Passed'¶ Passed.
-
-
class
azure.mgmt.security.models.
ScanTriggerType
(value)[source]¶ -
The scan trigger type.
-
ON_DEMAND
= 'OnDemand'¶ OnDemand.
-
RECURRING
= 'Recurring'¶ Recurring.
-
-
class
azure.mgmt.security.models.
Scans
(*, value: Optional[List[azure.mgmt.security.models._models_py3.Scan]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
A list of vulnerability assessment scan records.
-
class
azure.mgmt.security.models.
ScopeElement
(*, additional_properties: Optional[Dict[str, Any]] = None, field: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
A more specific scope used to identify the alerts to suppress.
-
class
azure.mgmt.security.models.
SecureScoreControlDefinitionItem
(**kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Information about the security control.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
name (str) – Resource name.
display_name (str) – User friendly display name of the control.
description (str) – User friendly description of the control.
max_score (int) – Maximum control score (0..10).
source (SecureScoreControlDefinitionSource) – Source object from which the control was created.
assessment_definitions (list[AzureResourceLink]) – Array of assessments metadata IDs that are included in this security control.
-
class
azure.mgmt.security.models.
SecureScoreControlDefinitionList
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
List of security controls definition.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
value (list[SecureScoreControlDefinitionItem]) – Collection of security controls definition in this page.
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
SecureScoreControlDefinitionSource
(*, source_type: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
The type of the security control (For example, BuiltIn).
- Parameters
source_type (str or ControlType) – The type of security control (for example, BuiltIn). Possible values include: “BuiltIn”, “Custom”.
-
class
azure.mgmt.security.models.
SecureScoreControlDetails
(*, definition: Optional[azure.mgmt.security.models._models_py3.SecureScoreControlDefinitionItem] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Details of the security control, its score, and the health status of the relevant resources.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
name (str) – Resource name.
display_name (str) – User friendly display name of the control.
healthy_resource_count (int) – Number of healthy resources in the control.
unhealthy_resource_count (int) – Number of unhealthy resources in the control.
not_applicable_resource_count (int) – Number of not applicable resources in the control.
weight (long) – The relative weight for this specific control in each of your subscriptions. Used when calculating an aggregated score for this control across all of your subscriptions.
current (float) – Current score.
percentage (float) – Ratio of the current score divided by the maximum. Rounded to 4 digits after the decimal point.
- Parameters
definition (SecureScoreControlDefinitionItem) – Information about the security control.
-
class
azure.mgmt.security.models.
SecureScoreControlList
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
List of security controls.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
value (list[SecureScoreControlDetails]) – Collection of security controls in this page.
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
SecureScoreControlScore
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
Calculation result data.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
SecureScoreItem
(**kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Secure score item data model.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
name (str) – Resource name.
display_name (str) – The initiative’s name.
weight (long) – The relative weight for each subscription. Used when calculating an aggregated secure score for multiple subscriptions.
current (float) – Current score.
percentage (float) – Ratio of the current score divided by the maximum. Rounded to 4 digits after the decimal point.
-
class
azure.mgmt.security.models.
SecureScoresList
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
List of secure scores.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
value (list[SecureScoreItem]) – Collection of secure scores in this page.
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
SecurityAssessment
(*, resource_details: Optional[azure.mgmt.security.models._models_py3.ResourceDetails] = None, status: Optional[azure.mgmt.security.models._models_py3.AssessmentStatus] = None, additional_data: Optional[Dict[str, str]] = None, metadata: Optional[azure.mgmt.security.models._models_py3.SecurityAssessmentMetadataProperties] = None, partners_data: Optional[azure.mgmt.security.models._models_py3.SecurityAssessmentPartnerData] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Security assessment on a resource.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
- Parameters
resource_details (ResourceDetails) – Details of the resource that was assessed.
status (AssessmentStatus) – The result of the assessment.
additional_data (dict[str, str]) – Additional data regarding the assessment.
metadata (SecurityAssessmentMetadataProperties) – Describes properties of an assessment metadata.
partners_data (SecurityAssessmentPartnerData) – Data regarding 3rd party partner integration.
-
class
azure.mgmt.security.models.
SecurityAssessmentList
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
Page of a security assessments list.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
value (list[SecurityAssessment]) – Collection of security assessments in this page.
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
SecurityAssessmentMetadata
(*, display_name: Optional[str] = None, description: Optional[str] = None, remediation_description: Optional[str] = None, categories: Optional[List[str]] = None, severity: Optional[str] = None, user_impact: Optional[str] = None, implementation_effort: Optional[str] = None, threats: Optional[List[str]] = None, preview: Optional[bool] = None, assessment_type: Optional[str] = None, partner_data: Optional[azure.mgmt.security.models._models_py3.SecurityAssessmentMetadataPartnerData] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Security assessment metadata.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
- Parameters
display_name (str) – User friendly display name of the assessment.
description (str) – Human readable description of the assessment.
remediation_description (str) – Human readable description of what you should do to mitigate this security issue.
categories (list[str or Categories]) –
severity (str or Severity) – The severity level of the assessment. Possible values include: “Low”, “Medium”, “High”.
user_impact (str or UserImpact) – The user impact of the assessment. Possible values include: “Low”, “Moderate”, “High”.
implementation_effort (str or ImplementationEffort) – The implementation effort required to remediate this assessment. Possible values include: “Low”, “Moderate”, “High”.
preview (bool) – True if this assessment is in preview release status.
assessment_type (str or AssessmentType) – BuiltIn if the assessment is based on a built-in Azure Policy definition, Custom if the assessment is based on a custom Azure Policy definition. Possible values include: “BuiltIn”, “CustomPolicy”, “CustomerManaged”, “VerifiedPartner”.
partner_data (SecurityAssessmentMetadataPartnerData) – Describes the partner that created the assessment.
-
class
azure.mgmt.security.models.
SecurityAssessmentMetadataList
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
List of security assessment metadata.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
value (list[SecurityAssessmentMetadata]) –
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
SecurityAssessmentMetadataPartnerData
(*, partner_name: str, secret: str, product_name: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Describes the partner that created the assessment.
All required parameters must be populated in order to send to Azure.
-
class
azure.mgmt.security.models.
SecurityAssessmentMetadataProperties
(*, display_name: str, severity: str, assessment_type: str, description: Optional[str] = None, remediation_description: Optional[str] = None, categories: Optional[List[str]] = None, user_impact: Optional[str] = None, implementation_effort: Optional[str] = None, threats: Optional[List[str]] = None, preview: Optional[bool] = None, partner_data: Optional[azure.mgmt.security.models._models_py3.SecurityAssessmentMetadataPartnerData] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Describes properties of an assessment metadata.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
display_name (str) – Required. User friendly display name of the assessment.
description (str) – Human readable description of the assessment.
remediation_description (str) – Human readable description of what you should do to mitigate this security issue.
categories (list[str or Categories]) –
severity (str or Severity) – Required. The severity level of the assessment. Possible values include: “Low”, “Medium”, “High”.
user_impact (str or UserImpact) – The user impact of the assessment. Possible values include: “Low”, “Moderate”, “High”.
implementation_effort (str or ImplementationEffort) – The implementation effort required to remediate this assessment. Possible values include: “Low”, “Moderate”, “High”.
preview (bool) – True if this assessment is in preview release status.
assessment_type (str or AssessmentType) – Required. BuiltIn if the assessment is based on a built-in Azure Policy definition, Custom if the assessment is based on a custom Azure Policy definition. Possible values include: “BuiltIn”, “CustomPolicy”, “CustomerManaged”, “VerifiedPartner”.
partner_data (SecurityAssessmentMetadataPartnerData) – Describes the partner that created the assessment.
- Variables
policy_definition_id (str) – Azure resource ID of the policy definition that turns this assessment calculation on.
-
class
azure.mgmt.security.models.
SecurityAssessmentPartnerData
(*, partner_name: str, secret: str, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Data regarding 3rd party partner integration.
All required parameters must be populated in order to send to Azure.
-
class
azure.mgmt.security.models.
SecurityContact
(*, email: Optional[str] = None, phone: Optional[str] = None, alert_notifications: Optional[str] = None, alerts_to_admins: Optional[str] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Contact details for security issues.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
- Parameters
email (str) – The email of this security contact.
phone (str) – The phone number of this security contact.
alert_notifications (str or AlertNotifications) – Whether to send security alerts notifications to the security contact. Possible values include: “On”, “Off”.
alerts_to_admins (str or AlertsToAdmins) – Whether to send security alerts notifications to subscription admins. Possible values include: “On”, “Off”.
-
class
azure.mgmt.security.models.
SecurityContactList
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
List of security contacts response.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
value (list[SecurityContact]) – List of security contacts.
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
SecurityFamily
(value)[source]¶ -
The security family of the discovered solution
-
NGFW
= 'Ngfw'¶
-
SAAS_WAF
= 'SaasWaf'¶
-
VA
= 'Va'¶
-
WAF
= 'Waf'¶
-
-
class
azure.mgmt.security.models.
SecuritySolution
(*, security_family: Optional[str] = None, provisioning_state: Optional[str] = None, template: Optional[str] = None, protection_status: Optional[str] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
,azure.mgmt.security.models._models_py3.Location
SecuritySolution.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
- Parameters
security_family (str or SecurityFamily) – The security family of the security solution. Possible values include: “Waf”, “Ngfw”, “SaasWaf”, “Va”.
provisioning_state (str or ProvisioningState) – The security family provisioning State. Possible values include: “Succeeded”, “Failed”, “Updating”.
template (str) – The security solutions’ template.
protection_status (str) – The security solutions’ status.
-
class
azure.mgmt.security.models.
SecuritySolutionList
(*, value: Optional[List[azure.mgmt.security.models._models_py3.SecuritySolution]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
SecuritySolutionList.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
value (list[SecuritySolution]) –
- Variables
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
SecuritySolutionStatus
(value)[source]¶ -
Status of the IoT Security solution.
-
DISABLED
= 'Disabled'¶
-
ENABLED
= 'Enabled'¶
-
-
class
azure.mgmt.security.models.
SecuritySolutionsReferenceData
(*, security_family: str, alert_vendor_name: str, package_info_url: str, product_name: str, publisher: str, publisher_display_name: str, template: str, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
,azure.mgmt.security.models._models_py3.Location
SecuritySolutionsReferenceData.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
security_family (str or SecurityFamily) – Required. The security family of the security solution. Possible values include: “Waf”, “Ngfw”, “SaasWaf”, “Va”.
alert_vendor_name (str) – Required. The security solutions’ vendor name.
package_info_url (str) – Required. The security solutions’ package info url.
product_name (str) – Required. The security solutions’ product name.
publisher (str) – Required. The security solutions’ publisher.
publisher_display_name (str) – Required. The security solutions’ publisher display name.
template (str) – Required. The security solutions’ template.
-
class
azure.mgmt.security.models.
SecuritySolutionsReferenceDataList
(*, value: Optional[List[azure.mgmt.security.models._models_py3.SecuritySolutionsReferenceData]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
SecuritySolutionsReferenceDataList.
- Parameters
value (list[SecuritySolutionsReferenceData]) –
-
class
azure.mgmt.security.models.
SecuritySubAssessment
(*, status: Optional[azure.mgmt.security.models._models_py3.SubAssessmentStatus] = None, resource_details: Optional[azure.mgmt.security.models._models_py3.ResourceDetails] = None, additional_data: Optional[azure.mgmt.security.models._models_py3.AdditionalData] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Security sub-assessment on a resource.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
name (str) – Resource name.
id_properties_id (str) – Vulnerability ID.
display_name (str) – User friendly display name of the sub-assessment.
remediation (str) – Information on how to remediate this sub-assessment.
impact (str) – Description of the impact of this sub-assessment.
category (str) – Category of the sub-assessment.
description (str) – Human readable description of the assessment status.
time_generated (datetime) – The date and time the sub-assessment was generated.
- Parameters
status (SubAssessmentStatus) – Status of the sub-assessment.
resource_details (ResourceDetails) – Details of the resource that was assessed.
additional_data (AdditionalData) – Details of the sub-assessment.
-
class
azure.mgmt.security.models.
SecuritySubAssessmentList
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
List of security sub-assessments.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
value (list[SecuritySubAssessment]) –
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
SecurityTask
(*, security_task_parameters: Optional[azure.mgmt.security.models._models_py3.SecurityTaskParameters] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Security task that we recommend performing in order to strengthen security.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
name (str) – Resource name.
state (str) – State of the task (Active, Resolved etc.).
creation_time_utc (datetime) – The time this task was discovered in UTC.
last_state_change_time_utc (datetime) – The time this task’s details were last changed in UTC.
sub_state (str) – Additional data on the state of the task.
- Parameters
security_task_parameters (SecurityTaskParameters) – Changing set of properties, depending on the task type that is derived from the name field.
-
class
azure.mgmt.security.models.
SecurityTaskList
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
List of security task recommendations.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
value (list[SecurityTask]) –
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
SecurityTaskParameters
(*, additional_properties: Optional[Dict[str, Any]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Changing set of properties, depending on the task type that is derived from the name field.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
SensitivityLabel
(*, display_name: Optional[str] = None, description: Optional[str] = None, rank: Optional[str] = None, order: Optional[int] = None, enabled: Optional[bool] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
The sensitivity label.
- Parameters
display_name (str) – The name of the sensitivity label.
description (str) – The description of the sensitivity label.
rank (str or Rank) – The rank of the sensitivity label. Possible values include: “None”, “Low”, “Medium”, “High”, “Critical”.
order (int) – The order of the sensitivity label.
enabled (bool) – Indicates whether the label is enabled or not.
-
class
azure.mgmt.security.models.
ServerVulnerabilityAssessment
(**kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Describes the server vulnerability assessment details on a resource.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
name (str) – Resource name.
provisioning_state (str or ServerVulnerabilityAssessmentPropertiesProvisioningState) – The provisioningState of the vulnerability assessment capability on the VM. Possible values include: “Succeeded”, “Failed”, “Canceled”, “Provisioning”, “Deprovisioning”.
-
class
azure.mgmt.security.models.
ServerVulnerabilityAssessmentPropertiesProvisioningState
(value)[source]¶ -
The provisioningState of the vulnerability assessment capability on the VM
-
CANCELED
= 'Canceled'¶
-
DEPROVISIONING
= 'Deprovisioning'¶
-
FAILED
= 'Failed'¶
-
PROVISIONING
= 'Provisioning'¶
-
SUCCEEDED
= 'Succeeded'¶
-
-
class
azure.mgmt.security.models.
ServerVulnerabilityAssessmentsList
(*, value: Optional[List[azure.mgmt.security.models._models_py3.ServerVulnerabilityAssessment]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
List of server vulnerability assessments.
- Parameters
value (list[ServerVulnerabilityAssessment]) –
-
class
azure.mgmt.security.models.
ServerVulnerabilityProperties
(**kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.AdditionalData
Additional context fields for server vulnerability assessment.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
assessed_resource_type (str or AssessedResourceType) – Required. Sub-assessment resource type. Constant filled by server. Possible values include: “SqlServerVulnerability”, “ContainerRegistryVulnerability”, “ServerVulnerability”.
- Variables
type (str) – Vulnerability type, e.g. Vulnerability, Potential Vulnerability, Information Gathered.
cvss (dict[str, CVSS]) – Dictionary from cvss version to cvss details object.
patchable (bool) – Indicates whether a patch is available or not.
threat (str) – Threat name.
published_time (datetime) – Published time.
vendor_references (list[VendorReference]) –
-
class
azure.mgmt.security.models.
ServicePrincipalProperties
(*, application_id: Optional[str] = None, secret: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Details of the service principal.
-
class
azure.mgmt.security.models.
Setting
(**kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
The kind of the security setting.
You probably want to use the sub-classes and not this class directly. Known sub-classes are: AlertSyncSettings, DataExportSettings.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
-
class
azure.mgmt.security.models.
SettingKind
(value)[source]¶ -
The kind of the settings string
-
ALERT_SUPPRESSION_SETTING
= 'AlertSuppressionSetting'¶
-
ALERT_SYNC_SETTINGS
= 'AlertSyncSettings'¶
-
DATA_EXPORT_SETTINGS
= 'DataExportSettings'¶
-
-
class
azure.mgmt.security.models.
SettingsList
(*, value: Optional[List[azure.mgmt.security.models._models_py3.Setting]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Subscription settings list.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
Severity
(value)[source]¶ -
The sub-assessment severity level
-
HIGH
= 'High'¶
-
LOW
= 'Low'¶
-
MEDIUM
= 'Medium'¶
-
-
class
azure.mgmt.security.models.
Software
(*, device_id: Optional[str] = None, os_platform: Optional[str] = None, vendor: Optional[str] = None, software_name: Optional[str] = None, version: Optional[str] = None, end_of_support_status: Optional[str] = None, end_of_support_date: Optional[str] = None, number_of_known_vulnerabilities: Optional[int] = None, first_seen_at: Optional[str] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Represents software data.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
- Parameters
device_id (str) – Unique identifier for the virtual machine in the service.
os_platform (str) – Platform of the operating system running on the device.
vendor (str) – Name of the software vendor.
software_name (str) – Name of the software product.
version (str) – Version number of the software product.
end_of_support_status (str or EndOfSupportStatus) – End of support status. Possible values include: “None”, “noLongerSupported”, “versionNoLongerSupported”, “upcomingNoLongerSupported”, “upcomingVersionNoLongerSupported”.
end_of_support_date (str) – The end-of-support date, in case the product is approaching end of support.
number_of_known_vulnerabilities (int) – Number of weaknesses.
first_seen_at (str) – First time that the software was seen in the device.
-
class
azure.mgmt.security.models.
SoftwaresList
(*, value: Optional[List[azure.mgmt.security.models._models_py3.Software]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Represents the software inventory of the virtual machine.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
Source
(value)[source]¶ -
The platform where the assessed resource resides
-
AZURE
= 'Azure'¶ Resource is in Azure.
-
ON_PREMISE
= 'OnPremise'¶ Resource in an on premise machine connected to Azure cloud.
-
ON_PREMISE_SQL
= 'OnPremiseSql'¶ SQL Resource in an on premise machine connected to Azure cloud.
-
-
class
azure.mgmt.security.models.
SourceSystem
(value)[source]¶ -
The source type of the machine group
-
AZURE_APP_LOCKER
= 'Azure_AppLocker'¶
-
AZURE_AUDIT_D
= 'Azure_AuditD'¶
-
NONE
= 'None'¶
-
NON_AZURE_APP_LOCKER
= 'NonAzure_AppLocker'¶
-
NON_AZURE_AUDIT_D
= 'NonAzure_AuditD'¶
-
-
class
azure.mgmt.security.models.
SqlServerVulnerabilityProperties
(**kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.AdditionalData
Details of the resource that was assessed.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
assessed_resource_type (str or AssessedResourceType) – Required. Sub-assessment resource type. Constant filled by server. Possible values include: “SqlServerVulnerability”, “ContainerRegistryVulnerability”, “ServerVulnerability”.
- Variables
-
class
azure.mgmt.security.models.
State
(value)[source]¶ -
Aggregative state based on the standard’s supported controls states
-
FAILED
= 'Failed'¶ At least one supported regulatory compliance control in the given standard has a state of failed.
-
PASSED
= 'Passed'¶ All supported regulatory compliance controls in the given standard have a passed state.
-
SKIPPED
= 'Skipped'¶ All supported regulatory compliance controls in the given standard have a state of skipped.
-
UNSUPPORTED
= 'Unsupported'¶ No supported regulatory compliance data for the given standard.
-
-
class
azure.mgmt.security.models.
Status
(value)[source]¶ -
The status of the port
-
INITIATED
= 'Initiated'¶
-
REVOKED
= 'Revoked'¶
-
-
class
azure.mgmt.security.models.
StatusReason
(value)[source]¶ -
A description of why the status has its value
-
EXPIRED
= 'Expired'¶
-
NEWER_REQUEST_INITIATED
= 'NewerRequestInitiated'¶
-
USER_REQUESTED
= 'UserRequested'¶
-
-
class
azure.mgmt.security.models.
SubAssessmentStatus
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
Status of the sub-assessment.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
code (str or SubAssessmentStatusCode) – Programmatic code for the status of the assessment. Possible values include: “Healthy”, “Unhealthy”, “NotApplicable”.
cause (str) – Programmatic code for the cause of the assessment status.
description (str) – Human readable description of the assessment status.
severity (str or Severity) – The sub-assessment severity level. Possible values include: “Low”, “Medium”, “High”.
-
class
azure.mgmt.security.models.
SubAssessmentStatusCode
(value)[source]¶ -
Programmatic code for the status of the assessment
-
HEALTHY
= 'Healthy'¶ The resource is healthy.
-
NOT_APPLICABLE
= 'NotApplicable'¶ Assessment for this resource did not happen.
-
UNHEALTHY
= 'Unhealthy'¶ The resource has a security issue that needs to be addressed.
-
-
class
azure.mgmt.security.models.
SuppressionAlertsScope
(*, all_of: List[azure.mgmt.security.models._models_py3.ScopeElement], **kwargs)[source]¶ Bases:
msrest.serialization.Model
SuppressionAlertsScope.
All required parameters must be populated in order to send to Azure.
- Parameters
all_of (list[ScopeElement]) – Required. All the conditions inside need to be true in order to suppress the alert.
-
class
azure.mgmt.security.models.
SystemData
(*, created_by: Optional[str] = None, created_by_type: Optional[str] = None, created_at: Optional[datetime.datetime] = None, last_modified_by: Optional[str] = None, last_modified_by_type: Optional[str] = None, last_modified_at: Optional[datetime.datetime] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Metadata pertaining to creation and last modification of the resource.
- Parameters
created_by (str) – The identity that created the resource.
created_by_type (str or CreatedByType) – The type of identity that created the resource. Possible values include: “User”, “Application”, “ManagedIdentity”, “Key”.
created_at (datetime) – The timestamp of resource creation (UTC).
last_modified_by (str) – The identity that last modified the resource.
last_modified_by_type (str or CreatedByType) – The type of identity that last modified the resource. Possible values include: “User”, “Application”, “ManagedIdentity”, “Key”.
last_modified_at (datetime) – The timestamp of resource last modification (UTC).
-
class
azure.mgmt.security.models.
Tags
(*, tags: Optional[Dict[str, str]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
A list of key value pairs that describe the resource.
-
class
azure.mgmt.security.models.
TagsResource
(*, tags: Optional[Dict[str, str]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
A container holding only the Tags for a resource, allowing the user to update the tags.
-
class
azure.mgmt.security.models.
Threats
(value)[source]¶ -
Threats impact of the assessment
-
ACCOUNT_BREACH
= 'accountBreach'¶
-
DATA_EXFILTRATION
= 'dataExfiltration'¶
-
DATA_SPILLAGE
= 'dataSpillage'¶
-
DENIAL_OF_SERVICE
= 'denialOfService'¶
-
ELEVATION_OF_PRIVILEGE
= 'elevationOfPrivilege'¶
-
MALICIOUS_INSIDER
= 'maliciousInsider'¶
-
MISSING_COVERAGE
= 'missingCoverage'¶
-
THREAT_RESISTANCE
= 'threatResistance'¶
-
-
class
azure.mgmt.security.models.
ThresholdCustomAlertRule
(*, is_enabled: bool, min_threshold: int, max_threshold: int, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.CustomAlertRule
A custom alert rule that checks if a value (depends on the custom alert type) is within the given range.
You probably want to use the sub-classes and not this class directly. Known sub-classes are: TimeWindowCustomAlertRule.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
-
class
azure.mgmt.security.models.
TimeWindowCustomAlertRule
(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.ThresholdCustomAlertRule
A custom alert rule that checks if the number of activities (depends on the custom alert type) in a time window is within the given range.
You probably want to use the sub-classes and not this class directly. Known sub-classes are: ActiveConnectionsNotInAllowedRange, AmqpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, FileUploadsNotInAllowedRange, HttpC2DMessagesNotInAllowedRange, HttpC2DRejectedMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, MqttC2DMessagesNotInAllowedRange, MqttC2DRejectedMessagesNotInAllowedRange, MqttD2CMessagesNotInAllowedRange, QueuePurgesNotInAllowedRange, TwinUpdatesNotInAllowedRange, UnauthorizedOperationsNotInAllowedRange.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in ISO 8601 format.
-
class
azure.mgmt.security.models.
TopologyList
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
TopologyList.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
value (list[TopologyResource]) –
next_link (str) – The URI to fetch the next page.
-
class
azure.mgmt.security.models.
TopologyResource
(**kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
,azure.mgmt.security.models._models_py3.Location
TopologyResource.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
location (str) – Location where the resource is stored.
name (str) – Resource name.
calculated_date_time (datetime) – The UTC time on which the topology was calculated.
topology_resources (list[TopologySingleResource]) – Azure resources which are part of this topology resource.
-
class
azure.mgmt.security.models.
TopologySingleResource
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
TopologySingleResource.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
resource_id (str) – Azure resource id.
severity (str) – The security severity of the resource.
recommendations_exist (bool) – Indicates if the resource has security recommendations.
network_zones (str) – Indicates the resource connectivity level to the Internet (InternetFacing, Internal, etc.).
topology_score (int) – Score of the resource based on its security severity.
location (str) – The location of this resource.
parents (list[TopologySingleResourceParent]) – Azure resources connected to this resource which are in higher level in the topology view.
children (list[TopologySingleResourceChild]) – Azure resources connected to this resource which are in lower level in the topology view.
-
class
azure.mgmt.security.models.
TopologySingleResourceChild
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
TopologySingleResourceChild.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
resource_id (str) – Azure resource id which serves as child resource in topology view.
-
class
azure.mgmt.security.models.
TopologySingleResourceParent
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
TopologySingleResourceParent.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
resource_id (str) – Azure resource id which serves as parent resource in topology view.
-
class
azure.mgmt.security.models.
TrackedResource
(*, tags: Optional[Dict[str, str]] = None, etag: Optional[str] = None, kind: Optional[str] = None, location: Optional[str] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
,azure.mgmt.security.models._models_py3.AzureTrackedResourceLocation
,azure.mgmt.security.models._models_py3.Kind
,azure.mgmt.security.models._models_py3.ETag
,azure.mgmt.security.models._models_py3.Tags
Describes an Azure tracked resource.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
- Variables
-
class
azure.mgmt.security.models.
TransportProtocol
(value)[source]¶ -
An enumeration.
-
TCP
= 'TCP'¶
-
UDP
= 'UDP'¶
-
-
class
azure.mgmt.security.models.
TwinUpdatesNotInAllowedRange
(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule
Number of twin updates is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in ISO 8601 format.
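-
class
azure.mgmt.security.models.
UnauthorizedOperationsNotInAllowedRange
(*, is_enabled: bool, min_threshold: int, max_threshold: int, time_window_size: datetime.timedelta, **kwargs)[source]¶ Bases: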
azure.mgmt.security.models._models_py3.TimeWindowCustomAlertRule
Number of unauthorized operations is not in allowed range.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Variables
- Parameters
is_enabled (bool) – Required. Status of the custom alert.
rule_type (str) – Required. The type of the custom alert rule. Constant filled by server.
min_threshold (int) – Required. The minimum threshold.
max_threshold (int) – Required. The maximum threshold.
time_window_size (timedelta) – Required. The time window size in ISO 8601 format.
-
class
azure.mgmt.security.models.
UnmaskedIpLoggingStatus
(value)[source]¶ -
Unmasked IP address logging status
-
DISABLED
= 'Disabled'¶ Unmasked IP logging is disabled.
-
ENABLED
= 'Enabled'¶ Unmasked IP logging is enabled.
-
-
class
azure.mgmt.security.models.
UpdateIotSecuritySolutionData
(*, tags: Optional[Dict[str, str]] = None, user_defined_resources: Optional[azure.mgmt.security.models._models_py3.UserDefinedResourcesProperties] = None, recommendations_configuration: Optional[List[azure.mgmt.security.models._models_py3.RecommendationConfigurationProperties]] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.TagsResource
UpdateIotSecuritySolutionData.
- Parameters
user_defined_resources (UserDefinedResourcesProperties) – Properties of the IoT Security solution’s user defined resources.
recommendations_configuration (list[RecommendationConfigurationProperties]) – List of the configuration status for each recommendation type.
-
class
azure.mgmt.security.models.
UserDefinedResourcesProperties
(*, query: str, query_subscriptions: List[str], **kwargs)[source]¶ Bases:
msrest.serialization.Model
Properties of the IoT Security solution’s user defined resources.
All required parameters must be populated in order to send to Azure.
- Parameters
query (str) – Required. Azure Resource Graph query which represents the security solution’s user defined resources. Required to start with 'where type != "Microsoft.Devices/IotHubs"'.
query_subscriptions (list[str]) – Required. List of Azure subscription ids on which the user defined resources query should be executed.
-
class
azure.mgmt.security.models.
UserImpact
(value)[source]¶ -
The user impact of the assessment
-
HIGH
= 'High'¶
-
LOW
= 'Low'¶
-
MODERATE
= 'Moderate'¶
-
-
class
azure.mgmt.security.models.
UserRecommendation
(*, username: Optional[str] = None, recommendation_action: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Represents a user that is recommended to be allowed for a certain rule.
- Parameters
username (str) – Represents a user that is recommended to be allowed for a certain rule.
recommendation_action (str or RecommendationAction) – The recommendation action of the machine or rule. Possible values include: “Recommended”, “Add”, “Remove”.
-
class
azure.mgmt.security.models.
VaRule
(*, rule_id: Optional[str] = None, severity: Optional[str] = None, category: Optional[str] = None, rule_type: Optional[str] = None, title: Optional[str] = None, description: Optional[str] = None, rationale: Optional[str] = None, query_check: Optional[azure.mgmt.security.models._models_py3.QueryCheck] = None, benchmark_references: Optional[List[azure.mgmt.security.models._models_py3.BenchmarkReference]] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Vulnerability assessment rule metadata details.
- Parameters
rule_id (str) – The rule Id.
severity (str or RuleSeverity) – The rule severity. Possible values include: “High”, “Medium”, “Low”, “Informational”, “Obsolete”.
category (str) – The rule category.
rule_type (str or RuleType) – The rule type. Possible values include: “Binary”, “BaselineExpected”, “PositiveList”, “NegativeList”.
title (str) – The rule title.
description (str) – The rule description.
rationale (str) – The rule rationale.
query_check (QueryCheck) – The rule query details.
benchmark_references (list[BenchmarkReference]) – The benchmark references.
-
class
azure.mgmt.security.models.
ValueType
(value)[source]¶ -
The value type of the items in the list.
-
IP_CIDR
= 'IpCidr'¶ An IP range in CIDR format (e.g. ‘192.168.0.1/8’).
-
STRING
= 'String'¶ Any string value.
-
-
class
azure.mgmt.security.models.
VendorReference
(**kwargs)[source]¶ Bases:
msrest.serialization.Model
Vendor reference.
Variables are only populated by the server, and will be ignored when sending a request.
-
class
azure.mgmt.security.models.
VmRecommendation
(*, configuration_status: Optional[str] = None, recommendation_action: Optional[str] = None, resource_id: Optional[str] = None, enforcement_support: Optional[str] = None, **kwargs)[source]¶ Bases:
msrest.serialization.Model
Represents a machine that is part of a machine group.
- Parameters
configuration_status (str or ConfigurationStatus) – The configuration status of the machines group or machine or rule. Possible values include: “Configured”, “NotConfigured”, “InProgress”, “Failed”, “NoStatus”.
recommendation_action (str or RecommendationAction) – The recommendation action of the machine or rule. Possible values include: “Recommended”, “Add”, “Remove”.
resource_id (str) – The full resource id of the machine.
enforcement_support (str or EnforcementSupport) – The machine supportability of Enforce feature. Possible values include: “Supported”, “NotSupported”, “Unknown”.
-
class
azure.mgmt.security.models.
WorkspaceSetting
(*, workspace_id: Optional[str] = None, scope: Optional[str] = None, **kwargs)[source]¶ Bases:
azure.mgmt.security.models._models_py3.Resource
Configures where to store the OMS agent data for workspaces under a scope.
Variables are only populated by the server, and will be ignored when sending a request.
- Variables
- Parameters
-
class
azure.mgmt.security.models.
WorkspaceSettingList
(*, value: List[azure.mgmt.security.models._models_py3.WorkspaceSetting], **kwargs)[source]¶ Bases:
msrest.serialization.Model
List of workspace settings response.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Parameters
value (list[WorkspaceSetting]) – Required. List of workspace settings.
- Variables
next_link (str) – The URI to fetch the next page.