{ "swagger": "2.0", "info": { "title": "Microsoft Defender for Cloud", "description": "API spec for Microsoft.Security (Microsoft Defender for Cloud) resource provider", "version": "2015-06-01-preview" }, "host": "management.azure.com", "schemes": [ "https" ], "consumes": [ "application/json" ], "produces": [ "application/json" ], "security": [ { "azure_auth": [ "user_impersonation" ] } ], "securityDefinitions": { "azure_auth": { "type": "oauth2", "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", "flow": "implicit", "description": "Azure Active Directory OAuth2 Flow", "scopes": { "user_impersonation": "impersonate your user account" } } }, "paths": { "/subscriptions/{subscriptionId}/providers/Microsoft.Security/externalSecuritySolutions": { "get": { "x-ms-examples": { "Get external security solutions on a subscription": { "$ref": "./examples/ExternalSecuritySolutions/GetExternalSecuritySolutionsSubscription_example.json" } }, "description": "Gets a list of external security solutions for the subscription.", "tags": [ "ExternalSecuritySolutions" ], "operationId": "ExternalSecuritySolutions_List", "parameters": [ { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" }, { "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/ExternalSecuritySolutionList" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "../../../common/v1/types.json#/definitions/CloudError" } } }, "x-ms-pageable": { "nextLinkName": "nextLink" } } }, "/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/ExternalSecuritySolutions": { "get": { "x-ms-examples": { "Get external security solutions on a subscription from security data location": { "$ref": "./examples/ExternalSecuritySolutions/GetExternalSecuritySolutionsSubscriptionLocation_example.json" } }, "description": "Gets a list of external Security Solutions for the subscription and location.", "tags": [ "ExternalSecuritySolutions" ], "operationId": "ExternalSecuritySolutions_ListByHomeRegion", "parameters": [ { "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" }, { "$ref": "../../../common/v1/types.json#/parameters/AscLocation" }, { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/ExternalSecuritySolutionList" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "../../../common/v1/types.json#/definitions/CloudError" } } }, "x-ms-pageable": { "nextLinkName": "nextLink" } } }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/ExternalSecuritySolutions/{externalSecuritySolutionsName}": { "get": { "x-ms-examples": { "Get external security solution": { "$ref": "./examples/ExternalSecuritySolutions/GetExternalSecuritySolution_example.json" } }, "description": "Gets a specific external Security Solution.", "tags": [ "ExternalSecuritySolutions" ], "operationId": "ExternalSecuritySolutions_Get", "parameters": [ { "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId" }, { "$ref": "../../../common/v1/types.json#/parameters/ResourceGroupName" }, { "$ref": "../../../common/v1/types.json#/parameters/AscLocation" }, { "$ref": "#/parameters/ExternalSecuritySolutionsName" }, { "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/ExternalSecuritySolution" } }, "default": { "description": "Error response describing why the operation failed.", "schema": { "$ref": "../../../common/v1/types.json#/definitions/CloudError" } } } } } }, "definitions": { "ExternalSecuritySolutionList": { "properties": { "value": { "type": "array", "items": { "$ref": "#/definitions/ExternalSecuritySolution" } }, "nextLink": { "readOnly": true, "type": "string", "description": "The URI to fetch the next page." } } }, "ExternalSecuritySolution": { "type": "object", "description": "Represents a security solution external to Microsoft Defender for Cloud which sends information to an OMS workspace and whose data is displayed by Microsoft Defender for Cloud.", "discriminator": "kind", "properties": {}, "allOf": [ { "$ref": "../../../common/v1/types.json#/definitions/Resource" }, { "$ref": "#/definitions/ExternalSecuritySolutionKind" }, { "$ref": "../../../common/v1/types.json#/definitions/Location" } ] }, "CefExternalSecuritySolution": { "x-ms-discriminator-value": "CEF", "type": "object", "description": "Represents a security solution which sends CEF logs to an OMS workspace", "allOf": [ { "$ref": "#/definitions/ExternalSecuritySolution" } ], "properties": { "properties": { "$ref": "#/definitions/CefSolutionProperties" } } }, "AtaExternalSecuritySolution": { "x-ms-discriminator-value": "ATA", "type": "object", "description": "Represents an ATA security solution which sends logs to an OMS workspace", "allOf": [ { "$ref": "#/definitions/ExternalSecuritySolution" } ], "properties": { "properties": { "$ref": "#/definitions/AtaSolutionProperties" } } }, "AadExternalSecuritySolution": { "x-ms-discriminator-value": "AAD", "type": "object", "description": "Represents an AAD identity protection solution which sends logs to an OMS workspace.", "allOf": [ { "$ref": "#/definitions/ExternalSecuritySolution" } ], "properties": { "properties": { "$ref": "#/definitions/AadSolutionProperties" } } }, "ExternalSecuritySolutionKind": { "type": "object", "description": "Describes an Azure resource with kind", "properties": { "kind": { "type": "string", "description": "The kind of the external solution", "enum": [ "CEF", "ATA", "AAD" ], "x-ms-enum": { "name": "ExternalSecuritySolutionKind", "modelAsString": true, "values": [ { "value": "CEF" }, { "value": "ATA" }, { "value": "AAD" } ] } } } }, "ExternalSecuritySolutionProperties": { "type": "object", "description": "The solution properties (correspond to the solution kind)", "additionalProperties": true, "properties": { "deviceVendor": { "type": "string" }, "deviceType": { "type": "string" }, "workspace": { "$ref": "#/definitions/ConnectedWorkspace" } } }, "ConnectedWorkspace": { "type": "object", "title": "Represents an OMS workspace to which the solution is connected", "properties": { "id": { "type": "string", "description": "Azure resource ID of the connected OMS workspace" } } }, "AadConnectivityState": { "type": "object", "description": "Describes an Azure resource with kind", "properties": { "connectivityState": { "type": "string", "title": "The connectivity state of the external AAD solution ", "enum": [ "Discovered", "NotLicensed", "Connected" ], "x-ms-enum": { "name": "AadConnectivityState", "modelAsString": true, "values": [ { "value": "Discovered" }, { "value": "NotLicensed" }, { "value": "Connected" } ] } } } }, "AadSolutionProperties": { "type": "object", "title": "The external security solution properties for AAD solutions", "allOf": [ { "$ref": "#/definitions/ExternalSecuritySolutionProperties" }, { "$ref": "#/definitions/AadConnectivityState" } ] }, "CefSolutionProperties": { "type": "object", "title": "The external security solution properties for CEF solutions", "properties": { "hostname": { "type": "string" }, "agent": { "type": "string" }, "lastEventReceived": { "type": "string" } }, "allOf": [ { "$ref": "#/definitions/ExternalSecuritySolutionProperties" } ] }, "AtaSolutionProperties": { "type": "object", "title": "The external security solution properties for ATA solutions", "properties": { "lastEventReceived": { "type": "string" } }, "allOf": [ { "$ref": "#/definitions/ExternalSecuritySolutionProperties" } ] } }, "parameters": { "ExternalSecuritySolutionsName": { "name": "externalSecuritySolutionsName", "in": "path", "description": "Name of an external security solution.", "required": true, "type": "string", "x-ms-parameter-location": "method" } } }