{ "swagger": "2.0", "info": { "title": "Microsoft Defender for Cloud", "description": "API spec for Microsoft.Security (Microsoft Defender for Cloud) resource provider", "version": "2015-06-01-preview" }, "host": "management.azure.com", "schemes": [ "https" ], "consumes": [ "application/json" ], "produces": [ "application/json" ], "security": [ { "azure_auth": [ "user_impersonation" ] } ], "securityDefinitions": { "azure_auth": { "type": "oauth2", "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", "flow": "implicit", "description": "Azure Active Directory OAuth2 Flow", "scopes": { "user_impersonation": "impersonate your user account" } } }, "paths": { "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceNamespace}/{resourceType}/{resourceName}/providers/Microsoft.Security/adaptiveNetworkHardenings": { "get": { "x-ms-examples": { "List Adaptive Network Hardenings resources of an extended resource": { "$ref": "./examples/AdaptiveNetworkHardenings/ListByExtendedResourceAdaptiveNetworkHardenings_example.json" } }, "description": "Gets a list of Adaptive Network Hardenings resources in scope of an extended resource.", "tags": [ "AdaptiveNetworkHardenings" ], "operationId": "AdaptiveNetworkHardenings_ListByExtendedResource", "parameters": [ { "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" }, { "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" }, { "name": "resourceNamespace", "in": "path", "description": "The Namespace of the resource.", "required": true, "type": "string" }, { "name": "resourceType", "in": "path", "description": "The type of the resource.", "required": true, "type": "string" }, { "name": "resourceName", "in": "path", "description": "Name of the resource.", "required": true, "type": "string" }, { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/AdaptiveNetworkHardeningsList" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "../../../common/v1/types.json#/definitions/CloudError" } } }, "x-ms-pageable": { "nextLinkName": "nextLink" } } }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceNamespace}/{resourceType}/{resourceName}/providers/Microsoft.Security/adaptiveNetworkHardenings/{adaptiveNetworkHardeningResourceName}": { "get": { "x-ms-examples": { "Get a single Adaptive Network Hardening resource": { "$ref": "./examples/AdaptiveNetworkHardenings/GetAdaptiveNetworkHardening_example.json" } }, "tags": [ "AdaptiveNetworkHardenings" ], "description": "Gets a single Adaptive Network Hardening resource", "operationId": "AdaptiveNetworkHardenings_Get", "parameters": [ { "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" }, { "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" }, { "name": "resourceNamespace", "in": "path", "description": "The Namespace of the resource.", "required": true, "type": "string" }, { "name": "resourceType", "in": "path", "description": "The type of the resource.", "required": true, "type": "string" }, { "name": "resourceName", "in": "path", "description": "Name of the resource.", "required": true, "type": "string" }, { "$ref": "#/parameters/AdaptiveNetworkHardeningResourceName" }, { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/AdaptiveNetworkHardening" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "../../../common/v1/types.json#/definitions/CloudError" } } } } }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceNamespace}/{resourceType}/{resourceName}/providers/Microsoft.Security/adaptiveNetworkHardenings/{adaptiveNetworkHardeningResourceName}/{adaptiveNetworkHardeningEnforceAction}": { "post": { "x-ms-long-running-operation": true, "x-ms-examples": { "Enforces the given rules on the NSG(s) listed in the request": { "$ref": "./examples/AdaptiveNetworkHardenings/EnforceAdaptiveNetworkHardeningRules_example.json" } }, "tags": [ "AdaptiveNetworkHardenings" ], "description": "Enforces the given rules on the NSG(s) listed in the request", "operationId": "AdaptiveNetworkHardenings_Enforce", "parameters": [ { "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" }, { "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" }, { "name": "resourceNamespace", "in": "path", "description": "The Namespace of the resource.", "required": true, "type": "string" }, { "name": "resourceType", "in": "path", "description": "The type of the resource.", "required": true, "type": "string" }, { "name": "resourceName", "in": "path", "description": "Name of the resource.", "required": true, "type": "string" }, { "$ref": "#/parameters/AdaptiveNetworkHardeningResourceName" }, { "$ref": "#/parameters/AdaptiveNetworkHardeningEnforceAction" }, { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { "$ref": "#/parameters/AdaptiveNetworkHardeningEnforceRequest" } ], "responses": { "200": { "description": "OK." }, "202": { "description": "Accepted" }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "../../../common/v1/types.json#/definitions/CloudError" } } } } } }, "definitions": { "PortNumber": { "type": "integer", "minimum": 0, "maximum": 65535 }, "Rule": { "description": "Describes remote addresses that is recommended to communicate with the Azure resource on some (Protocol, Port, Direction). All other remote addresses are recommended to be blocked", "properties": { "name": { "description": "The name of the rule", "type": "string" }, "direction": { "description": "The rule's direction", "type": "string", "enum": [ "Inbound", "Outbound" ], "x-ms-enum": { "name": "direction", "modelAsString": true } }, "destinationPort": { "description": "The rule's destination port", "$ref": "#/definitions/PortNumber" }, "protocols": { "description": "The rule's transport protocols", "type": "array", "items": { "type": "string", "enum": [ "TCP", "UDP" ], "x-ms-enum": { "name": "transportProtocol", "modelAsString": true } } }, "ipAddresses": { "description": "The remote IP addresses that should be able to communicate with the Azure resource on the rule's destination port and protocol", "type": "array", "items": { "type": "string" } } } }, "EffectiveNetworkSecurityGroups": { "description": "Describes the Network Security Groups effective on a network interface", "properties": { "networkInterface": { "description": "The Azure resource ID of the network interface", "type": "string" }, "networkSecurityGroups": { "description": "The Network Security Groups effective on the network interface", "type": "array", "items": { "type": "string" } } } }, "AdaptiveNetworkHardeningProperties": { "description": "Adaptive Network Hardening resource properties", "properties": { "rules": { "description": "The security rules which are recommended to be effective on the VM", "type": "array", "items": { "$ref": "#/definitions/Rule" } }, "rulesCalculationTime": { "type": "string", "format": "date-time", "description": "The UTC time on which the rules were calculated" }, "effectiveNetworkSecurityGroups": { "description": "The Network Security Groups effective on the network interfaces of the protected resource", "type": "array", "items": { "$ref": "#/definitions/EffectiveNetworkSecurityGroups" } } } }, "AdaptiveNetworkHardening": { "description": "The resource whose properties describes the Adaptive Network Hardening settings for some Azure resource", "properties": { "properties": { "description": "Properties of the Adaptive Network Hardening resource", "x-ms-client-flatten": true, "$ref": "#/definitions/AdaptiveNetworkHardeningProperties" } }, "allOf": [ { "$ref": "../../../common/v1/types.json#/definitions/Resource" } ] }, "AdaptiveNetworkHardeningsList": { "description": "Response for ListAdaptiveNetworkHardenings API service call", "properties": { "value": { "description": "A list of Adaptive Network Hardenings resources", "type": "array", "items": { "$ref": "#/definitions/AdaptiveNetworkHardening" } }, "nextLink": { "description": "The URL to get the next set of results", "type": "string" } } }, "AdaptiveNetworkHardeningEnforceRequest": { "type": "object", "properties": { "rules": { "type": "array", "description": "The rules to enforce", "items": { "$ref": "#/definitions/Rule" } }, "networkSecurityGroups": { "type": "array", "description": "The Azure resource IDs of the effective network security groups that will be updated with the created security rules from the Adaptive Network Hardening rules", "items": { "type": "string" } } }, "required": [ "rules", "networkSecurityGroups" ] } }, "parameters": { "AdaptiveNetworkHardeningResourceName": { "name": "adaptiveNetworkHardeningResourceName", "in": "path", "description": "The name of the Adaptive Network Hardening resource.", "required": true, "type": "string", "x-ms-parameter-location": "method" }, "AdaptiveNetworkHardeningEnforceAction": { "name": "adaptiveNetworkHardeningEnforceAction", "type": "string", "in": "path", "required": true, "description": "Enforces the given rules on the NSG(s) listed in the request", "enum": [ "enforce" ], "x-ms-parameter-location": "method" }, "AdaptiveNetworkHardeningEnforceRequest": { "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/AdaptiveNetworkHardeningEnforceRequest" }, "x-ms-parameter-location": "method" } } }