From 8ebf6338190ca9b576b96ee391e2e3f2efbd146d Mon Sep 17 00:00:00 2001 From: erelh Date: Tue, 21 Apr 2020 12:58:19 +0300 Subject: [PATCH] Onboarding applicationWhitelistings to a new stable API version - 2020-01-01 (#8639) * copy applicationWhitelistings API to new api-version * change applicationWhitelistings API-version to the new stable one * make the GET and PUT objects the same (and add readonly to some fields) * try fix model validation by adding required fields * changing the parameter from definitions to parameters * adding the AppWhitelistingGroup to parameters as well and referencing the definition * try change sub id * remove readonly properties from PUT * remove duplicate APIs from package composite Co-authored-by: erelh --- .../2020-01-01/applicationWhitelistings.json | 589 ++++++++++ ...eleteApplicationWhitelistings_example.json | 13 + ...ApplicationWhitelistingsGroup_example.json | 132 +++ ...tionWhitelistingsSubscription_example.json | 1028 +++++++++++++++++ .../PutApplicationWhitelistings_example.json | 229 ++++ .../security/resource-manager/readme.md | 2 +- 6 files changed, 1992 insertions(+), 1 deletion(-) create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/applicationWhitelistings.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/DeleteApplicationWhitelistings_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/GetApplicationWhitelistingsGroup_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/GetApplicationWhitelistingsSubscription_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/PutApplicationWhitelistings_example.json 
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/applicationWhitelistings.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/applicationWhitelistings.json
new file mode 100644
index 000000000000..891ad2d1a162
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/applicationWhitelistings.json
@@ -0,0 +1,589 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "title": "Security Center",
+ "description": "API spec for Microsoft.Security (Azure Security Center) resource provider",
+ "version": "2020-01-01"
+ },
+ "host": "management.azure.com",
+ "schemes": [
+ "https"
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "security": [
+ {
+ "azure_auth": [
+ "user_impersonation"
+ ]
+ }
+ ],
+ "securityDefinitions": {
+ "azure_auth": {
+ "type": "oauth2",
+ "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+ "flow": "implicit",
+ "description": "Azure Active Directory OAuth2 Flow",
+ "scopes": {
+ "user_impersonation": "impersonate your user account"
+ }
+ }
+ },
+ "paths": {
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Security/applicationWhitelistings": {
+ "get": {
+ "description": "Gets a list of application control VM/server groups for the subscription.",
+ "operationId": "AdaptiveApplicationControls_List",
+ "x-ms-examples": {
+ "Gets a list of application control VM/server groups for the subscription": {
+ "$ref": "./examples/ApplicationWhitelistings/GetApplicationWhitelistingsSubscription_example.json"
+ }
+ },
+ "tags": [
+ "applicationWhitelistings"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "#/parameters/IncludePathRecommendations"
+ },
+ {
+ "$ref": "#/parameters/Summary"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/AppWhitelistingGroups"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/applicationWhitelistings/{groupName}": {
+ "get": {
+ "description": "Gets an application control VM/server group.",
+ "operationId": "AdaptiveApplicationControls_Get",
+ "x-ms-examples": {
+ "Gets a configured application control VM/server group": {
+ "$ref": "./examples/ApplicationWhitelistings/GetApplicationWhitelistingsGroup_example.json"
+ }
+ },
+ "tags": [
+ "applicationWhitelistings"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/AscLocation"
+ },
+ {
+ "$ref": "#/parameters/GroupName"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/AppWhitelistingGroup"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "put": {
+ "tags": [
+ "applicationWhitelistings"
+ ],
+ "x-ms-examples": {
+ "Update an application control VM/server group by adding a new file": {
+ "$ref": "./examples/ApplicationWhitelistings/PutApplicationWhitelistings_example.json"
+ }
+ },
+ "description": "Update an application control VM/server group",
+ "operationId": "AdaptiveApplicationControls_Put",
+ "consumes": [
+ "application/json"
+ ],
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/AscLocation"
+ },
+ {
+ "$ref": "#/parameters/GroupName"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "#/parameters/AppWhitelistingGroup"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/AppWhitelistingGroup"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "delete": {
+ "x-ms-examples": {
+ "Delete an application control VM/server group": {
+ "$ref": "./examples/ApplicationWhitelistings/DeleteApplicationWhitelistings_example.json"
+ }
+ },
+ "tags": [
+ "applicationWhitelistings"
+ ],
+ "description": "Delete an application control VM/server group",
+ "operationId": "AdaptiveApplicationControls_Delete",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/AscLocation"
+ },
+ {
+ "$ref": "#/parameters/GroupName"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - The response indicates that the delete operation completed successfully"
+ },
+ "202": {
+ "description": "Accepted. The response indicates the delete operation is performed in the background."
+ },
+ "204": {
+ "description": "No Content. The response indicates the resource is already deleted."
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ }
+ },
+ "definitions": {
+ "AppWhitelistingGroups": {
+ "type": "object",
+ "description": "Represents a list of VM/server groups and set of rules that are Recommended by Azure Security Center to be allowed",
+ "properties": {
+ "value": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/AppWhitelistingGroup"
+ }
+ }
+ }
+ },
+ "AppWhitelistingGroup": {
+ "type": "object",
+ "properties": {
+ "properties": {
+ "x-ms-client-flatten": true,
+ "$ref": "#/definitions/AppWhitelistingGroupData"
+ }
+ },
+ "required": [
+ "properties"
+ ],
+ "allOf": [
+ {
+ "$ref": "../../../common/v1/types.json#/definitions/Resource"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/definitions/Location"
+ }
+ ]
+ },
+ "AppWhitelistingGroupData": {
+ "type": "object",
+ "description": "Represents a VM/server group and set of rules to be allowed running on a machine",
+ "properties": {
+ "enforcementMode": {
+ "$ref": "#/definitions/EnforcementMode"
+ },
+ "protectionMode": {
+ "$ref": "#/definitions/ProtectionMode"
+ },
+ "configurationStatus": {
+ "readOnly": true,
+ "$ref": "#/definitions/ConfigurationStatus"
+ },
+ "recommendationStatus": {
+ "readOnly": true,
+ "$ref": "#/definitions/RecommendationStatus"
+ },
+ "issues": {
+ "readOnly": true,
+ "$ref": "#/definitions/AppWhitelistingIssuesSummaries"
+ },
+ "sourceSystem": {
+ "readOnly": true,
+ "$ref": "#/definitions/SourceSystem"
+ },
+ "vmRecommendations": {
+ "$ref": "#/definitions/VmRecommendations"
+ },
+ "pathRecommendations": {
+ "$ref": "#/definitions/PathRecommendations"
+ }
+ }
+ },
+ "ConfigurationStatus": {
+ "type": "string",
+ "description": "The configuration status of the VM/server group or machine or rule on the machine",
+ "enum": [
+ "Configured",
+ "NotConfigured",
+ "InProgress",
+ "Failed",
+ "NoStatus"
+ ]
+ },
+ "EnforcementMode": {
+ "type": "string",
+ "description": "The application control policy enforcement/protection mode of the VM/server group",
+ "enum": [
+ "Audit",
+ "Enforce",
+ "None"
+ ]
+ },
+ "EnforcementSupport": {
+ "type": "string",
+ "description": "The VM/server supportability of Enforce feature",
+ "enum": [
+ "Supported",
+ "NotSupported",
+ "Unknown"
+ ]
+ },
+ "ProtectionMode": {
+ "type": "object",
+ "description": "The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux.",
+ "properties": {
+ "exe": {
+ "$ref": "#/definitions/EnforcementMode"
+ },
+ "msi": {
+ "$ref": "#/definitions/EnforcementMode"
+ },
+ "script": {
+ "$ref": "#/definitions/EnforcementMode"
+ },
+ "executable": {
+ "$ref": "#/definitions/EnforcementMode"
+ }
+ }
+ },
+ "RecommendationStatus": {
+ "type": "string",
+ "description": "The recommendation status of the VM/server group or VM/server",
+ "enum": [
+ "Recommended",
+ "NotRecommended",
+ "NotAvailable",
+ "NoStatus"
+ ]
+ },
+ "RecommendationAction": {
+ "type": "string",
+ "description": "The recommendation action of the VM/server or rule",
+ "enum": [
+ "Recommended",
+ "Add",
+ "Remove"
+ ]
+ },
+ "RecommendationType": {
+ "type": "string",
+ "description": "The type of the rule to be allowed",
+ "enum": [
+ "File",
+ "FileHash",
+ "PublisherSignature",
+ "ProductSignature",
+ "BinarySignature",
+ "VersionAndAboveSignature"
+ ]
+ },
+ "AppWhitelistingIssue": {
+ "type": "string",
+ "description": "An alert that VMs/servers within a group can have",
+ "enum": [
+ "ViolationsAudited",
+ "ViolationsBlocked",
+ "MsiAndScriptViolationsAudited",
+ "MsiAndScriptViolationsBlocked",
+ "ExecutableViolationsAudited",
+ "RulesViolatedManually"
+ ]
+ },
+ "FileType": {
+ "type": "string",
+ "description": "The type of the file (for Linux files - Executable is used)",
+ "enum": [
+ "Exe",
+ "Dll",
+ "Msi",
+ "Script",
+ "Executable",
+ "Unknown"
+ ]
+ },
+ "SourceSystem": {
+ "type": "string",
+ "description": "The source type of the VM/server group",
+ "enum": [
+ "Azure_AppLocker",
+ "Azure_AuditD",
+ "NonAzure_AppLocker",
+ "NonAzure_AuditD",
+ "None"
+ ]
+ },
+ "AppWhitelistingIssueSummary": {
+ "type": "object",
+ "description": "Represents a summary of the alerts of the VM/server group",
+ "properties": {
+ "issue": {
+ "$ref": "#/definitions/AppWhitelistingIssue"
+ },
+ "numberOfVms": {
+ "type": "number",
+ "description": "The number of machines in the VM/server group that have this alert"
+ }
+ }
+ },
+ "AppWhitelistingIssuesSummaries": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/AppWhitelistingIssueSummary"
+ }
+ },
+ "VmRecommendations": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/VmRecommendation"
+ }
+ },
+ "VmRecommendation": {
+ "type": "object",
+ "description": "Represents a machine that is part of a VM/server group",
+ "properties": {
+ "configurationStatus": {
+ "$ref": "#/definitions/ConfigurationStatus"
+ },
+ "recommendationAction": {
+ "$ref": "#/definitions/RecommendationAction"
+ },
+ "resourceId": {
+ "$ref": "#/definitions/VmResourceId"
+ },
+ "enforcementSupport": {
+ "$ref": "#/definitions/EnforcementSupport"
+ }
+ }
+ },
+ "PublisherInfo": {
+ "type": "object",
+ "description": "Represents the publisher information of a process/rule",
+ "properties": {
+ "publisherName": {
+ "type": "string",
+ "description": "The Subject field of the x.509 certificate used to sign the code, using the following fields - O = Organization, L = Locality, S = State or Province, and C = Country",
+ "example": "O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US"
+ },
+ "productName": {
+ "type": "string",
+ "description": "The product name taken from the file's version resource",
+ "example": "GOOGLE CHROME"
+ },
+ "binaryName": {
+ "type": "string",
+ "description": "The \"OriginalName\" field taken from the file's version resource",
+ "example": "CHROME.EXE"
+ },
+ "version": {
+ "type": "string",
+ "description": "The binary file version taken from the file's version resource",
+ "example": "66.0.3359.139"
+ }
+ }
+ },
+ "UserRecommendation": {
+ "type": "object",
+ "description": "Represents a user that is recommended to be allowed for a certain rule",
+ "properties": {
+ "username": {
+ "type": "string",
+ "description": "Represents a user that is recommended to be allowed for a certain rule",
+ "example": "LOCAL SYSTEM"
+ },
+ "recommendationAction": {
+ "$ref": "#/definitions/RecommendationAction"
+ }
+ }
+ },
+ "PathRecommendations": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/PathRecommendation"
+ }
+ },
+ "PathRecommendation": {
+ "type": "object",
+ "description": "Represents a path that is recommended to be allowed and its properties",
+ "properties": {
+ "path": {
+ "type": "string",
+ "description": "The full path to whitelist",
+ "example": "C:\\Windows\\System32\\calc.exe"
+ },
+ "action": {
+ "$ref": "#/definitions/RecommendationAction"
+ },
+ "type": {
+ "$ref": "#/definitions/RecommendationType"
+ },
+ "publisherInfo": {
+ "$ref": "#/definitions/PublisherInfo"
+ },
+ "common": {
+ "type": "boolean",
+ "description": "Whether the path is commonly run on the machine"
+ },
+ "userSids": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "description": "A security identifier",
+ "example": "S-1-5-18"
+ }
+ },
+ "usernames": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/UserRecommendation"
+ }
+ },
+ "fileType": {
+ "$ref": "#/definitions/FileType"
+ },
+ "configurationStatus": {
+ "$ref": "#/definitions/ConfigurationStatus"
+ }
+ }
+ },
+ "GroupResourceId": {
+ "type": "string",
+ "description": "The azure resource id of the application control VM/server group",
+ "example": "/subscriptions/12345678-1234-1234-1234-123456789123/providers/Microsoft.Security/applicationWhitelistings/GROUP1"
+ },
+ "VmResourceId": {
+ "type": "string",
+ "description": "The full azure resource id of the machine",
+ "example": "/subscriptions/12345678-1234-1234-1234-123456789123/resourcegroups/group/providers/microsoft.compute/virtualmachines/vm"
+ },
+ "AppWhitelistingResourceType": {
+ "type": "string",
+ "description": "The resource type of the application control resources",
+ "example": "Microsoft.Security/applicationWhitelistings"
+ }
+ },
+ "parameters": {
+ "GroupName": {
+ "name": "groupName",
+ "in": "path",
+ "description": "Name of an application control VM/server group",
+ "required": true,
+ "type": "string",
+ "x-ms-parameter-location": "method"
+ },
+ "IncludePathRecommendations": {
+ "name": "includePathRecommendations",
+ "in": "query",
+ "description": "Include the policy rules",
+ "type": "boolean",
+ "required": false,
+ "enum": [
+ false,
+ true
+ ],
+ "x-ms-parameter-location": "method"
+ },
+ "Summary": {
+ "name": "summary",
+ "in": "query",
+ "description": "Return output in a summarized form",
+ "type": "boolean",
+ "required": false,
+ "enum": [
+ false,
+ true
+ ],
+ "x-ms-parameter-location": "method"
+ },
+ "AppWhitelistingGroup": {
+ "name": "body",
+ "in": "body",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/AppWhitelistingGroup"
+ },
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/DeleteApplicationWhitelistings_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/DeleteApplicationWhitelistings_example.json
new file mode 100644
index 000000000000..bd31aa457af2
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/DeleteApplicationWhitelistings_example.json
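Review bot: In `AppWhitelistingGroupData`, `readOnly: true` is written as a sibling of `$ref` on `configurationStatus`, `recommendationStatus`, `issues` and `sourceSystem`, and `x-ms-client-flatten` sits beside `$ref` in `AppWhitelistingGroup.properties`. Under JSON Reference rules, members next to `$ref` are ignored, so tooling that resolves references strictly may drop the annotation and treat these service-computed fields as writable in the PUT body, which reuses the same definition. Wrapping the reference keeps the annotation attached, e.g. `"sourceSystem": { "readOnly": true, "allOf": [ { "$ref": "#/definitions/SourceSystem" } ] }`. Separately, `numberOfVms` is a count and reads better as `"type": "integer", "format": "int32"` than `"type": "number"`.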
@@ -0,0 +1,13 @@
+{
+ "parameters": {
+ "api-version": "2020-01-01",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "groupName": "GROUP1",
+ "ascLocation": "centralus"
+ },
+ "responses": {
+ "200": {},
+ "202": {},
+ "204": {}
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/GetApplicationWhitelistingsGroup_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/GetApplicationWhitelistingsGroup_example.json
new file mode 100644
index 000000000000..1270432ac816
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/GetApplicationWhitelistingsGroup_example.json
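Review bot: The `subscriptionId` in this example, `20ff7fc3-e762-44dd-bd96-b71116dcdc23`, does not look like a placeholder, and the same value recurs in the GetApplicationWhitelistingsGroup and GetApplicationWhitelistingsSubscription examples alongside resource-group and VM names such as `erelh-stable` and `matanvs19` that appear to be copied from a live environment (the first matches the commit author's alias). Published examples should carry synthetic identifiers so that no internal subscription, user alias or host naming is exposed. The spec added in this same commit already uses `12345678-1234-1234-1234-123456789123` in the `GroupResourceId` example; reusing that GUID and neutral names of the form `exampleResourceGroup`/`exampleVm` (constructed here) across all three example files would fix it.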
@@ -0,0 +1,132 @@
+{
+ "parameters": {
+ "api-version": "2020-01-01",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "ascLocation": "centralus",
+ "groupName": "ERELGROUP1"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1",
+ "name": "ERELGROUP1",
+ "type": "Microsoft.Security/applicationWhitelistings",
+ "location": "centralus",
+ "properties": {
+ "recommendationStatus": "Recommended",
+ "enforcementMode": "Audit",
+ "protectionMode": {
+ "exe": "Audit",
+ "msi": "Audit",
+ "script": "None"
+ },
+ "vmRecommendations": [
+ {
+ "configurationStatus": "Configured",
+ "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
+ "recommendationAction": "Recommended",
+ "enforcementSupport": "Supported"
+ },
+ {
+ "configurationStatus": "Configured",
+ "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
+ "recommendationAction": "Recommended",
+ "enforcementSupport": "Supported"
+ }
+ ],
+ "pathRecommendations": [
+ {
+ "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
+ "type": "PublisherSignature",
+ "publisherInfo": {
+ "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
+ "productName": "*",
+ "binaryName": "*",
+ "version": "0.0.0.0"
+ },
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "Everyone",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Exe",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
+ "type": "ProductSignature",
+ "publisherInfo": {
+ "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
+ "productName": "MICROSOFT® COREXT",
+ "binaryName": "*",
+ "version": "0.0.0.0"
+ },
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "NT AUTHORITY\\SYSTEM",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Exe",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
+ "type": "PublisherSignature",
+ "publisherInfo": {
+ "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
+ "productName": "*",
+ "binaryName": "*",
+ "version": "0.0.0.0"
+ },
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "NT AUTHORITY\\SYSTEM",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Exe",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "C:\\directory\\file.exe",
+ "type": "File",
+ "common": true,
+ "action": "Add",
+ "usernames": [
+ {
+ "username": "Everyone",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Exe",
+ "configurationStatus": "Configured"
+ }
+ ],
+ "configurationStatus": "Configured",
+ "issues": [],
+ "sourceSystem": "Azure_AppLocker"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/GetApplicationWhitelistingsSubscription_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/GetApplicationWhitelistingsSubscription_example.json
new file mode 100644
index 000000000000..e61f53c406f4
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/GetApplicationWhitelistingsSubscription_example.json
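Review bot: Two `pathRecommendations` entries in this response (WASECAGENTPROV.EXE and COLLECTGUESTLOGS.EXE) pair `"username": "NT AUTHORITY\\SYSTEM"` with `"userSids": ["S-1-1-0"]`, but S-1-1-0 is the well-known SID for Everyone, while Local System is S-1-5-18, the value the spec's own `userSids` example uses. A reader modelling an allow rule on this example cannot tell whether the rule is scoped to SYSTEM or applies to every user, and for an application-control policy that difference decides who may run the binary. Either align the pair with `"userSids": ["S-1-5-18"]` on the SYSTEM entries, or add a `description` to `userSids` and `usernames` in the spec stating which of the two fields is authoritative.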
@@ -0,0 +1,1028 @@ +{ + "parameters": { + "api-version": "2020-01-01", + "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23", + "includePathRecommendations": true, + "summary": false + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/AMIT-VA", + "name": "AMIT-VA", + "type": "Microsoft.Security/applicationWhitelistings", + "location": "centralus", + "properties": { + "recommendationStatus": "Recommended", + "enforcementMode": "Audit", + "protectionMode": { + "exe": "Audit", + "msi": "Audit", + "script": "None" + }, + "vmRecommendations": [ + { + "configurationStatus": "Configured", + "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-dsc/providers/microsoft.compute/virtualmachines/erelh-14011", + "recommendationAction": "Recommended", + "enforcementSupport": "Supported" + }, + { + "configurationStatus": "Configured", + "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/amit-va/providers/microsoft.compute/virtualmachines/ream-test", + "recommendationAction": "Recommended", + "enforcementSupport": "Supported" + }, + { + "configurationStatus": "Configured", + "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/v-arrikl-scheduledapps/providers/microsoft.compute/virtualmachines/v-arrikl-14060", + "recommendationAction": "Recommended", + "enforcementSupport": "Supported" + } + ], + "pathRecommendations": [ + { + "path": "C:\\Windows\\SoftwareDistribution\\Download\\Install\\Windows-KB890830-x64-V5.53-delta.exe", + "type": "File", + "common": true, + "action": "Remove", + "usernames": [ + { + "username": "LOCAL SYSTEM", + "recommendationAction": "Recommended" + } + ], + "userSids": [ + "S-1-5-18" + ], + "fileType": "Exe", + "configurationStatus": "NoStatus" + }, + { + "path": 
"C:\\WindowsAzure\\GuestAgent_2.7.1198.822\\CollectGuestLogs.exe", + "type": "File", + "common": true, + "action": "Remove", + "usernames": [ + { + "username": "LOCAL SYSTEM", + "recommendationAction": "Recommended" + } + ], + "userSids": [ + "S-1-5-18" + ], + "fileType": "Exe", + "configurationStatus": "NoStatus" + }, + { + "path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe", + "type": "PublisherSignature", + "publisherInfo": { + "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US", + "productName": "*", + "binaryName": "*", + "version": "0.0.0.0" + }, + "common": true, + "action": "Recommended", + "usernames": [ + { + "username": "Everyone", + "recommendationAction": "Recommended" + } + ], + "userSids": [ + "S-1-5-18", + "S-1-1-0" + ], + "fileType": "Exe", + "configurationStatus": "Configured" + }, + { + "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE", + "type": "File", + "common": true, + "action": "Recommended", + "usernames": [ + { + "username": "Everyone", + "recommendationAction": "Recommended" + } + ], + "userSids": [ + "S-1-1-0" + ], + "fileType": "Exe", + "configurationStatus": "Configured" + } + ], + "configurationStatus": "Configured", + "issues": [], + "sourceSystem": "Azure_AppLocker" + } + }, + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1", + "name": "ERELGROUP1", + "type": "Microsoft.Security/applicationWhitelistings", + "location": "centralus", + "properties": { + "recommendationStatus": "Recommended", + "enforcementMode": "Audit", + "protectionMode": { + "exe": "Audit", + "msi": "None", + "script": "None" + }, + "vmRecommendations": [ + { + "configurationStatus": "Configured", + "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090", + "recommendationAction": "Recommended", + "enforcementSupport": "NotSupported" + 
} + ], + "pathRecommendations": [ + { + "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0", + "type": "PublisherSignature", + "publisherInfo": { + "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US", + "productName": "*", + "binaryName": "*", + "version": "0.0.0.0" + }, + "common": true, + "action": "Recommended", + "usernames": [ + { + "username": "Everyone", + "recommendationAction": "Recommended" + } + ], + "userSids": [ + "S-1-1-0" + ], + "fileType": "Exe", + "configurationStatus": "Configured" + } + ], + "configurationStatus": "Configured", + "issues": [], + "sourceSystem": "Azure_AppLocker" + } + }, + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/GROUP1", + "name": "GROUP1", + "type": "Microsoft.Security/applicationWhitelistings", + "location": "centralus", + "properties": { + "recommendationStatus": "Recommended", + "enforcementMode": "Audit", + "protectionMode": { + "exe": "Audit", + "msi": "None", + "script": "None" + }, + "vmRecommendations": [ + { + "configurationStatus": "Configured", + "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/talk-va/providers/microsoft.compute/virtualmachines/tal-win-vm", + "recommendationAction": "Recommended", + "enforcementSupport": "Supported" + }, + { + "configurationStatus": "Configured", + "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/talk-va/providers/microsoft.compute/virtualmachines/tal-win-vm-jit", + "recommendationAction": "Recommended", + "enforcementSupport": "Supported" + }, + { + "configurationStatus": "Configured", + "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/myresourcegroup/providers/microsoft.compute/virtualmachines/myvmweb", + "recommendationAction": "Recommended", + "enforcementSupport": "Supported" + }, + { + "configurationStatus": "Configured", + 
"resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/v-arrikl-scheduledapps/providers/microsoft.compute/virtualmachines/v-arrikl-14061", + "recommendationAction": "Recommended", + "enforcementSupport": "Supported" + } + ], + "pathRecommendations": [ + { + "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0", + "type": "PublisherSignature", + "publisherInfo": { + "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US", + "productName": "*", + "binaryName": "*", + "version": "0.0.0.0" + }, + "common": true, + "action": "Recommended", + "usernames": [ + { + "username": "Everyone", + "recommendationAction": "Recommended" + } + ], + "userSids": [ + "S-1-1-0" + ], + "fileType": "Exe", + "configurationStatus": "Configured" + }, + { + "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE", + "type": "ProductSignature", + "publisherInfo": { + "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN", + "productName": "MICROSOFT® COREXT", + "binaryName": "*", + "version": "0.0.0.0" + }, + "common": true, + "action": "Recommended", + "usernames": [ + { + "username": "NT AUTHORITY\\SYSTEM", + "recommendationAction": "Recommended" + } + ], + "userSids": [ + "S-1-1-0" + ], + "fileType": "Exe", + "configurationStatus": "Configured" + }, + { + "path": "%PROGRAMFILES%\\RAPID7\\INSIGHT AGENT\\COMPONENTS\\INSIGHT_AGENT\\2.6.7.9\\GET_PROXY.EXE", + "type": "PublisherSignature", + "publisherInfo": { + "publisherName": "O=RAPID7 LLC, L=BOSTON, S=MASSACHUSETTS, C=US", + "productName": "*", + "binaryName": "*", + "version": "0.0.0.0" + }, + "common": true, + "action": "Recommended", + "usernames": [ + { + "username": "NT AUTHORITY\\SYSTEM", + "recommendationAction": "Recommended" + } + ], + "userSids": [ + "S-1-1-0" + ], + "fileType": "Exe", + "configurationStatus": "Configured" + }, + { + "path": "%PROGRAMFILES%\\GOOGLE\\CHROME\\APPLICATION\\CHROME.EXE", + "type": "ProductSignature", + 
"publisherInfo": { + "publisherName": "O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CA, C=US", + "productName": "GOOGLE CHROME", + "binaryName": "*", + "version": "0.0.0.0" + }, + "common": true, + "action": "Recommended", + "usernames": [ + { + "username": "NT AUTHORITY\\SYSTEM", + "recommendationAction": "Recommended" + } + ], + "userSids": [ + "S-1-1-0" + ], + "fileType": "Exe", + "configurationStatus": "Configured" + }, + { + "path": "O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US\\GOOGLE UPDATE\\*\\0.0.0.0", + "type": "ProductSignature", + "publisherInfo": { + "publisherName": "O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US", + "productName": "GOOGLE UPDATE", + "binaryName": "*", + "version": "0.0.0.0" + }, + "common": true, + "action": "Recommended", + "usernames": [ + { + "username": "NT AUTHORITY\\SYSTEM", + "recommendationAction": "Recommended" + } + ], + "userSids": [ + "S-1-1-0" + ], + "fileType": "Exe", + "configurationStatus": "Configured" + } + ], + "configurationStatus": "Configured", + "issues": [], + "sourceSystem": "Azure_AppLocker" + } + }, + { + "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/westeurope/applicationWhitelistings/GROUP1", + "name": "GROUP1", + "type": "Microsoft.Security/applicationWhitelistings", + "location": "westeurope", + "properties": { + "recommendationStatus": "Recommended", + "enforcementMode": "Audit", + "protectionMode": { + "executable": "Audit" + }, + "vmRecommendations": [ + { + "configurationStatus": "Configured", + "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/nic-no-pip/providers/microsoft.compute/virtualmachines/nic-no-pip-vm", + "recommendationAction": "Recommended", + "enforcementSupport": "Unknown" + } + ], + "pathRecommendations": [ + { + "path": "/sbin/init", + "type": "File", + "common": true, + "action": "Recommended", + "usernames": [ + { + "username": "root", + "recommendationAction": "Recommended" + } + ], + "userSids": [ + 
"S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/sbin/upstart-udev-bridge",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/lib/systemd/systemd-udevd",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/sbin/upstart-socket-bridge",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/sbin/dhclient",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/bin/python3.4",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/sbin/upstart-file-bridge",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/bin/dbus-daemon",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "messagebus",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/lib/systemd/systemd-logind",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/sbin/getty",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/sbin/atd",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/sbin/cron",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/sbin/acpid",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/sbin/sshd",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/lib/linux-lts-xenial-tools-4.4.0-103/hv_vss_daemon",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/lib/linux-lts-xenial-tools-4.4.0-103/hv_kvp_daemon",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/sbin/nscd",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "unscd",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/sbin/ntpd",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "ntp",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/opt/microsoft/auoms/bin/auomscollect",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/opt/omi/bin/omiserver",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/opt/omi/bin/omiengine",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "omi",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/opt/omi/bin/omiagent",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/sbin/rsyslogd",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "syslog",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/bin/python2.7",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ },
+ {
+ "username": "omsagent",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/opt/microsoft/omsagent/ruby/bin/ruby",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "omsagent",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/opt/microsoft/auoms/bin/auoms",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/local/qualys/cloud-agent/bin/qualys-cloud-agent",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/bin/dash",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "omsagent",
+ "recommendationAction": "Recommended"
+ },
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/bin/sleep",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "omsagent",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/opt/dsc/bin/dsc_host",
+ "type": "File",
+ "common": false,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "omsagent",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/bin/sudo",
+ "type": "File",
+ "common": false,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/bin/bash",
+ "type": "File",
+ "common": false,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/bin/apt-get",
+ "type": "File",
+ "common": false,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/lib/apt/methods/http",
+ "type": "File",
+ "common": false,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/lib/apt/methods/gpgv",
+ "type": "File",
+ "common": false,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/lib/apt/methods/copy",
+ "type": "File",
+ "common": false,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "root",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/usr/bin/pgrep",
+ "type": "File",
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "omsagent",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "/opt/microsoft/omsconfig/bin/omsconsistencyinvoker",
+ "type": "File",
+ "common": false,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "omsagent",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Executable",
+ "configurationStatus": "Configured"
+ }
+ ],
+ "configurationStatus": "Configured",
+ "issues": [
+ {
+ "issue": "ExecutableViolationsAudited",
+ "numberOfVms": 1
+ }
+ ],
+ "sourceSystem": "Azure_AuditD"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/PutApplicationWhitelistings_example.json b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/PutApplicationWhitelistings_example.json
new file mode 100644
index 000000000000..043e6895f54c
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/PutApplicationWhitelistings_example.json
@@ -0,0 +1,229 @@
+{
+ "parameters": {
+ "api-version": "2020-01-01",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "ascLocation": "centralus",
+ "groupName": "ERELGROUP1",
+ "body": {
+ "properties": {
+ "enforcementMode": "Audit",
+ "protectionMode": {
+ "exe": "Audit",
+ "msi": "None",
+ "script": "None"
+ },
+ "vmRecommendations": [
+ {
+ "configurationStatus": "Configured",
+ "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
+ "recommendationAction": "Recommended",
+ "enforcementSupport": "Supported"
+ },
+ {
+ "configurationStatus": "Configured",
+ "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
+ "recommendationAction": "Recommended",
+ "enforcementSupport": "Supported"
+ }
+ ],
+ "pathRecommendations": [
+ {
+ "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
+ "type": "PublisherSignature",
+ "publisherInfo": {
+ "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
+ "productName": "*",
+ "binaryName": "*",
+ "version": "0.0.0.0"
+ },
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "Everyone",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Exe",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
+ "type": "ProductSignature",
+ "publisherInfo": {
+ "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
+ "productName": "MICROSOFT® COREXT",
+ "binaryName": "*",
+ "version": "0.0.0.0"
+ },
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "NT AUTHORITY\\SYSTEM",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Exe",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
+ "type": "PublisherSignature",
+ "publisherInfo": {
+ "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
+ "productName": "*",
+ "binaryName": "*",
+ "version": "0.0.0.0"
+ },
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "NT AUTHORITY\\SYSTEM",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Exe",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "C:\\directory\\file.exe",
+ "action": "Add",
+ "type": "File",
+ "common": true
+ }
+ ]
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1",
+ "name": "ERELGROUP1",
+ "type": "Microsoft.Security/applicationWhitelistings",
+ "location": "centralus",
+ "properties": {
+ "recommendationStatus": "Recommended",
+ "enforcementMode": "Audit",
+ "protectionMode": {
+ "exe": "Audit",
+ "msi": "None",
+ "script": "None"
+ },
+ "vmRecommendations": [
+ {
+ "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
+ "recommendationAction": "Recommended"
+ },
+ {
+ "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "pathRecommendations": [
+ {
+ "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
+ "type": "PublisherSignature",
+ "publisherInfo": {
+ "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
+ "productName": "*",
+ "binaryName": "*",
+ "version": "0.0.0.0"
+ },
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "Everyone",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Exe",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
+ "type": "ProductSignature",
+ "publisherInfo": {
+ "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
+ "productName": "MICROSOFT® COREXT",
+ "binaryName": "*",
+ "version": "0.0.0.0"
+ },
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "NT AUTHORITY\\SYSTEM",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Exe",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
+ "type": "PublisherSignature",
+ "publisherInfo": {
+ "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
+ "productName": "*",
+ "binaryName": "*",
+ "version": "0.0.0.0"
+ },
+ "common": true,
+ "action": "Recommended",
+ "usernames": [
+ {
+ "username": "NT AUTHORITY\\SYSTEM",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Exe",
+ "configurationStatus": "Configured"
+ },
+ {
+ "path": "C:\\directory\\file.exe",
+ "type": "File",
+ "common": true,
+ "action": "Add",
+ "usernames": [
+ {
+ "username": "Everyone",
+ "recommendationAction": "Recommended"
+ }
+ ],
+ "userSids": [
+ "S-1-1-0"
+ ],
+ "fileType": "Exe",
+ "configurationStatus": "NotConfigured"
+ }
+ ],
+ "configurationStatus": "InProgress",
+ "issues": [],
+ "sourceSystem": "Azure_AppLocker"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md
index f91a045107ec..d373b7717cd9 100644
--- a/specification/security/resource-manager/readme.md
+++ b/specification/security/resource-manager/readme.md
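Review bot: The request parameters and the 200 body carry what looks like a live subscription GUID (`20ff7fc3-e762-44dd-bd96-b71116dcdc23`) together with resource-group, VM and group names that read like developer aliases (`erelh-stable`, `matanvs19`, `ERELGROUP1`); the GUID recurs in `id` and in every `resourceId`. Example files are typically copied into generated SDK docs and samples, so I would replace these with obvious placeholders, e.g. `"subscriptionId": "00000000-0000-0000-0000-000000000000"` and `.../resourcegroups/myResourceGroup/providers/microsoft.compute/virtualmachines/myVm1`, changed consistently in request and response. Separately, the request body still sends `configurationStatus`, `enforcementSupport`, `userSids` and `fileType` on the recommended entries, which look server-computed; if these are the readonly properties the commit message says were removed from PUT, trim them so the example shows the minimal request, as the `C:\\directory\\file.exe` entry with `"action": "Add"` already does.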
@@ -141,7 +141,6 @@ input-file:
 - Microsoft.Security/stable/2019-08-01/iotSecuritySolutionAnalytics.json
 - Microsoft.Security/preview/2015-06-01-preview/discoveredSecuritySolutions.json
 - Microsoft.Security/preview/2015-06-01-preview/externalSecuritySolutions.json
-- Microsoft.Security/preview/2015-06-01-preview/applicationWhitelistings.json
 - Microsoft.Security/preview/2015-06-01-preview/locations.json
 - Microsoft.Security/preview/2015-06-01-preview/operations.json
 - Microsoft.Security/preview/2015-06-01-preview/tasks.json
@@ -156,6 +155,7 @@ input-file:
 - Microsoft.Security/preview/2019-01-01-preview/automations.json
 - Microsoft.Security/stable/2020-01-01/assessmentMetadata.json
 - Microsoft.Security/stable/2020-01-01/assessments.json
+- Microsoft.Security/stable/2020-01-01/applicationWhitelistings.json
 - Microsoft.Security/stable/2020-01-01/adaptiveNetworkHardenings.json
 - Microsoft.Security/stable/2020-01-01/allowedConnections.json
 - Microsoft.Security/stable/2020-01-01/topologies.json