swagger: '2.0' info: title: Microsoft Azure Microsoft Defender for Cloud description: >- API spec for Microsoft.Security (Microsoft Defender for Cloud) resource provider version: 2023-12-01-preview host: management.azure.com schemes: - https consumes: - application/json produces: - application/json security: - azure_auth: - user_impersonation securityDefinitions: azure_auth: type: oauth2 authorizationUrl: https://login.microsoftonline.com/common/oauth2/authorize flow: implicit description: Azure Active Directory OAuth2 Flow scopes: user_impersonation: impersonate your user account paths: /subscriptions/{subscriptionId}/providers/Microsoft.Security/securityContacts: get: x-ms-examples: List security contact data: $ref: >- ./examples/SecurityContacts/GetSecurityContactsSubscription_example.json tags: - Security Contacts description: List all security contact configurations for the subscription operationId: microsoftAzureSecuritycontactsList parameters: - $ref: ../../../common/v1/types.json#/parameters/ApiVersion - $ref: ../../../common/v1/types.json#/parameters/SubscriptionId responses: '200': description: OK schema: $ref: '#/definitions/SecurityContactList' default: description: Error response describing why the operation failed. schema: $ref: ../../../common/v1/types.json#/definitions/CloudError x-ms-pageable: nextLinkName: nextLink summary: >- Microsoft Azure Get Subscriptions Subscriptionid Providers Microsoft Security Securitycontacts /subscriptions/{subscriptionId}/providers/Microsoft.Security/securityContacts/{securityContactName}: get: x-ms-examples: Get a security contact: $ref: ./examples/SecurityContacts/GetSecurityContact_example.json tags: - Security Contacts description: Get Default Security contact configurations for the subscription operationId: microsoftAzureSecuritycontactsGet parameters: - $ref: ../../../common/v1/types.json#/parameters/ApiVersion - $ref: ../../../common/v1/types.json#/parameters/SubscriptionId - $ref: '#/parameters/SecurityContactName' responses: '200': description: OK schema: $ref: '#/definitions/SecurityContact' default: description: Error response describing why the operation failed. schema: $ref: ../../../common/v1/types.json#/definitions/CloudError summary: >- Microsoft Azure Get Subscriptions Subscriptionid Providers Microsoft Security Securitycontacts Securitycontactname put: x-ms-examples: Create security contact data: $ref: ./examples/SecurityContacts/CreateSecurityContact_example.json tags: - Security Contacts description: Create security contact configurations for the subscription operationId: microsoftAzureSecuritycontactsCreate parameters: - $ref: ../../../common/v1/types.json#/parameters/ApiVersion - $ref: ../../../common/v1/types.json#/parameters/SubscriptionId - $ref: '#/parameters/SecurityContactName' - $ref: '#/parameters/SecurityContact' responses: '200': description: OK schema: $ref: '#/definitions/SecurityContact' '201': description: Created schema: $ref: '#/definitions/SecurityContact' default: description: Error response describing why the operation failed. schema: $ref: ../../../common/v1/types.json#/definitions/CloudError summary: >- Microsoft Azure Put Subscriptions Subscriptionid Providers Microsoft Security Securitycontacts Securitycontactname delete: x-ms-examples: Deletes a security contact data: $ref: ./examples/SecurityContacts/DeleteSecurityContact_example.json tags: - Security Contacts description: Delete security contact configurations for the subscription operationId: microsoftAzureSecuritycontactsDelete parameters: - $ref: ../../../common/v1/types.json#/parameters/ApiVersion - $ref: ../../../common/v1/types.json#/parameters/SubscriptionId - $ref: '#/parameters/SecurityContactName' responses: '200': description: Security contact deleted '204': description: Security contact was not found default: description: Error response describing why the operation failed. schema: $ref: ../../../common/v1/types.json#/definitions/CloudError summary: >- Microsoft Azure Delete Subscriptions Subscriptionid Providers Microsoft Security Securitycontacts Securitycontactname definitions: SecurityContactList: type: object description: List of security contacts response required: - value properties: value: description: List of security contacts type: array items: $ref: '#/definitions/SecurityContact' nextLink: readOnly: true type: string description: The URI to fetch the next page. SecurityContact: type: object description: >- Contact details and configurations for notifications coming from Microsoft Defender for Cloud. properties: properties: x-ms-client-flatten: true description: Security contact data $ref: '#/definitions/SecurityContactProperties' allOf: - $ref: ../../../common/v1/types.json#/definitions/Resource SecurityContactProperties: type: object description: Describes security contact properties properties: emails: type: string description: >- List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact. phone: type: string description: The security contact's phone number isEnabled: type: boolean description: Indicates whether the security contact is enabled. notificationsSources: type: array description: A collection of sources types which evaluate the email notification. items: $ref: '#/definitions/NotificationsSource' x-ms-identifiers: [] notificationsByRole: type: object description: >- Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. properties: state: type: string description: >- Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. enum: - 'On' - 'Off' x-ms-enum: name: state modelAsString: true values: - value: 'On' description: Send notification on new alerts to the subscription's admins - value: 'Off' description: >- Don't send notification on new alerts to the subscription's admins roles: type: array description: >- Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles: items: $ref: '#/definitions/SecurityContactRole' NotificationsSource: type: object description: A valid notification source type discriminator: sourceType required: - sourceType properties: sourceType: type: string description: The source type that will trigger the notification enum: - Alert - AttackPath x-ms-enum: name: sourceType modelAsString: true NotificationsSourceAlert: type: object description: Alert notification source x-ms-discriminator-value: Alert allOf: - $ref: '#/definitions/NotificationsSource' properties: minimalSeverity: type: object $ref: '#/definitions/MinimalSeverity' description: '' MinimalSeverity: type: string description: >- Defines the minimal alert severity which will be sent as email notifications enum: - High - Medium - Low x-ms-enum: name: minimalSeverity modelAsString: true values: - value: High description: Get notifications on new alerts with High severity - value: Medium description: Get notifications on new alerts with Medium or High severity - value: Low description: Get notifications on new alerts with Low, Medium or High severity NotificationsSourceAttackPath: type: object description: Attack path notification source x-ms-discriminator-value: AttackPath allOf: - $ref: '#/definitions/NotificationsSource' properties: minimalRiskLevel: type: object $ref: '#/definitions/MinimalRiskLevel' description: >- Defines the minimal attach path risk level which will be sent as email notifications MinimalRiskLevel: type: string description: >- Defines the minimal attack path risk level which will be sent as email notifications enum: - Critical - High - Medium - Low x-ms-enum: name: minimalRiskLevel modelAsString: true values: - value: Critical description: Get notifications on new attack paths with Critical risk level - value: High description: >- Get notifications on new attack paths with High or Critical risk level - value: Medium description: >- Get notifications on new attach paths with Medium, High or Critical risk level - value: Low description: >- Get notifications on new attach paths with Low, Medium, High or Critical risk level State: type: string description: Defines if email notifications will be sent about new security events enum: - 'On' - 'Off' x-ms-enum: name: state modelAsString: true values: - value: 'On' description: Get notifications on new events - value: 'Off' description: Don't get notifications on new events SecurityContactRole: type: string description: A possible role to configure sending security notification alerts to enum: - AccountAdmin - ServiceAdmin - Owner - Contributor x-ms-enum: name: securityContactRole modelAsString: true values: - value: AccountAdmin description: If enabled, send notification on new alerts to the account admins - value: ServiceAdmin description: If enabled, send notification on new alerts to the service admins - value: Owner description: >- If enabled, send notification on new alerts to the subscription owners - value: Contributor description: >- If enabled, send notification on new alerts to the subscription contributors parameters: SecurityContactName: name: securityContactName type: string enum: - default x-ms-enum: name: securityContactName modelAsString: true values: - value: default description: The single applicable name of the security contact object in: path required: true pattern: ^(default)$ minLength: 7 maxLength: 7 description: Name of the security contact object x-ms-parameter-location: method SecurityContact: name: securityContact in: body required: true description: Security contact object schema: $ref: '#/definitions/SecurityContact' x-ms-parameter-location: method tags: - name: Security Contacts