Package-level declarations
Types
Represents a summary of the alerts of the machine group
Properties of the additional workspaces.
Links relevant to the assessment
The result of the assessment
Describes the properties of a security assessment object reference (by key)
Describes the properties of a security standard object reference
Additional data about the assignment
The target Event Hub to which event data will be exported. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore
The logic app action that should be triggered. To learn more about Microsoft Defender for Cloud's Workflow Automation capabilities, visit https://aka.ms/ASCWorkflowAutomationLearnMore
The Log Analytics Workspace to which event data will be exported. Security alerts data will reside in the 'SecurityAlert' table and the assessments data will reside in the 'SecurityRecommendation' table (under the 'Security'/'SecurityCenterFree' solutions). Note that in order to view the data in the workspace, the Security Center Log Analytics free/standard solution needs to be enabled on that workspace. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore
A rule set which evaluates all its rules upon an event interception. The event triggers the defined actions only when all the rules included in the rule set evaluate to 'true'.
A single automation scope.
The source event types which evaluate the security automation set of rules, for example security alerts and security assessments. To learn more about the supported security events data model schemas, visit https://aka.ms/ASCAutomationSchemas.
A rule which is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. This comparison is done by using one of the operators in the supported set.
AWS cloud account connector based on assume role. The role enables delegating access to your AWS resources and is composed of a role Amazon Resource Name (ARN) and an external ID. For more details, refer to Creating a Role to Delegate Permissions to an IAM User (write only)
AWS cloud account connector based on credentials. The credentials are composed of an access key ID and a secret key. For more details, refer to Creating an IAM User in Your AWS Account (write only)
Details of the Azure resource that was assessed
The CSPM monitoring for AWS offering configurations
The native cloud connection configuration
The Defender for Containers AWS offering configurations
The CloudWatch to Kinesis connection configuration
The Kinesis to S3 connection configuration
The Kubernetes to scuba connection configuration
The Kubernetes service connection configuration
The Defender for Servers AWS offering configurations
The ARC autoprovisioning configuration
The Defender for Servers connection configuration
Metadata of Service Principal secret for autoprovisioning
GCP cloud account connector based on service to service credentials. The credentials are composed of the organization ID and a JSON API key (write only)
The Advanced Threat Protection resource.
Describes the suppression rule
Security assessment metadata
Security assessment on a resource
Security Assignment on a resource group over a given scope
The security automation resource.
The connector setting
Custom Assessment Automation
Custom entity store assignment
The device security group resource
Configures how to correlate scan data and logs with resources associated with the subscription.
IoT Security solution configuration and resource information.
The security connector resource.
Contact details and configurations for notifications coming from Microsoft Defender for Cloud.
Describes the server vulnerability assessment details on a resource
Rule results.
Security Standard on a resource
Settings for hybrid compute management
The information protection for AWS offering configurations
The native cloud connection configuration
Connection string for ingesting security data and logs
Connection string for ingesting security data and logs
Configures how to correlate scan data and logs with resources associated with the subscription.
Represents a path that is recommended to be allowed and its properties
The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux.
For a non-Azure machine that is not connected directly to the internet, specify a proxy server that the non-Azure machine can use.
Represents the publisher information of a process/rule
The type of IoT Security recommendation.
Rule results properties.
A more specific scope used to identify the alerts to suppress.
Describes the partner that created the assessment
Describes properties of an assessment metadata.
Data regarding 3rd party partner integration
Defines whether to send email notifications about new security alerts
Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription.
Details of the service principal.
Describes properties of a component as related to the standard
Metadata pertaining to creation and last modification of the resource.
A custom alert rule that checks if the number of activities (depends on the custom alert type) in a time window is within the given range.
Properties of the IoT Security solution's user defined resources.
Represents a user that is recommended to be allowed for a certain rule
Represents a machine that is part of a machine group