Alerts - Simulate

Referentie

Service:: Defender for Cloud

API-versie:: 2022-01-01

Beveiligingswaarschuwingen simuleren

POST https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/alerts/default/simulate?api-version=2022-01-01

URI-parameters

Name In Vereist Type Description

Name	In	Vereist	Type	Description
ascLocation	path	True	string	De locatie waar ASC de gegevens van het abonnement opslaat. kan worden opgehaald uit Get-locaties
subscriptionId	path	True	string	Azure-abonnements-id Regex-patroon: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`
api-version	query	True	string	API-versie voor de bewerking

ascLocation

path

True

string

De locatie waar ASC de gegevens van het abonnement opslaat. kan worden opgehaald uit Get-locaties

subscriptionId

path

True

string

Azure-abonnements-id

Regex-patroon: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$

api-version

query

True

string

API-versie voor de bewerking

Aanvraagbody

Name	Type	Description
properties	AlertSimulatorRequestProperties: AlertSimulatorBundlesRequestProperties	Waarschuwingssimulator vraagt hoofdtekstgegevens aan.

Antwoorden

Name	Type	Description
202 Accepted		Geaccepteerd
Other Status Codes	CloudError	Foutreactie waarin wordt beschreven waarom de bewerking is mislukt.

Beveiliging

azure_auth

Azure Active Directory OAuth2-stroom

Type: oauth2
Stroom: implicit
Autorisatie-URL: https://login.microsoftonline.com/common/oauth2/authorize

Bereiken

Name	Description
user_impersonation	Uw gebruikersaccount imiteren

Voorbeelden

Simulate security alerts on a subscription

Voorbeeldaanvraag

POST https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/alerts/default/simulate?api-version=2022-01-01

{
  "properties": {
    "kind": "Bundles",
    "bundles": [
      "AppServices",
      "DNS",
      "KeyVaults",
      "KubernetesService",
      "ResourceManager",
      "SqlServers",
      "StorageAccounts",
      "VirtualMachines",
      "CosmosDbs"
    ]
  }
}


import com.azure.resourcemanager.security.models.AlertSimulatorBundlesRequestProperties;
import com.azure.resourcemanager.security.models.AlertSimulatorRequestBody;
import com.azure.resourcemanager.security.models.BundleType;
import java.util.Arrays;

/**
 * Samples for Alerts Simulate.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2022-01-01/examples/Alerts/
     * SimulateAlerts_example.json
     */
    /**
     * Sample code: Simulate security alerts on a subscription.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void
        simulateSecurityAlertsOnASubscription(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.alerts().simulate("centralus",
            new AlertSimulatorRequestBody().withProperties(new AlertSimulatorBundlesRequestProperties()
                .withBundles(Arrays.asList(BundleType.APP_SERVICES, BundleType.DNS, BundleType.KEY_VAULTS,
                    BundleType.KUBERNETES_SERVICE, BundleType.RESOURCE_MANAGER, BundleType.SQL_SERVERS,
                    BundleType.STORAGE_ACCOUNTS, BundleType.VIRTUAL_MACHINES, BundleType.COSMOS_DBS))),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2022-01-01/examples/Alerts/SimulateAlerts_example.json
func ExampleAlertsClient_BeginSimulate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewAlertsClient().BeginSimulate(ctx, "centralus", armsecurity.AlertSimulatorRequestBody{
		Properties: &armsecurity.AlertSimulatorBundlesRequestProperties{
			Kind: to.Ptr(armsecurity.KindBundles),
			Bundles: []*armsecurity.BundleType{
				to.Ptr(armsecurity.BundleTypeAppServices),
				to.Ptr(armsecurity.BundleTypeDNS),
				to.Ptr(armsecurity.BundleTypeKeyVaults),
				to.Ptr(armsecurity.BundleTypeKubernetesService),
				to.Ptr(armsecurity.BundleTypeResourceManager),
				to.Ptr(armsecurity.BundleTypeSQLServers),
				to.Ptr(armsecurity.BundleTypeStorageAccounts),
				to.Ptr(armsecurity.BundleTypeVirtualMachines),
				to.Ptr(armsecurity.BundleTypeCosmosDbs)},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	_, err = poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Simulate security alerts
 *
 * @summary Simulate security alerts
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2022-01-01/examples/Alerts/SimulateAlerts_example.json
 */
async function simulateSecurityAlertsOnASubscription() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const ascLocation = "centralus";
  const alertSimulatorRequestBody = {
    properties: {
      bundles: [
        "AppServices",
        "DNS",
        "KeyVaults",
        "KubernetesService",
        "ResourceManager",
        "SqlServers",
        "StorageAccounts",
        "VirtualMachines",
        "CosmosDbs",
      ],
      kind: "Bundles",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.alerts.beginSimulateAndWait(ascLocation, alertSimulatorRequestBody);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2022-01-01/examples/Alerts/SimulateAlerts_example.json
// this example is just showing the usage of "Alerts_Simulate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SecurityCenterLocationResource created on azure
// for more information of creating SecurityCenterLocationResource, please refer to the document of SecurityCenterLocationResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
AzureLocation ascLocation = new AzureLocation("centralus");
ResourceIdentifier securityCenterLocationResourceId = SecurityCenterLocationResource.CreateResourceIdentifier(subscriptionId, ascLocation);
SecurityCenterLocationResource securityCenterLocation = client.GetSecurityCenterLocationResource(securityCenterLocationResourceId);

// get the collection of this SubscriptionSecurityAlertResource
SubscriptionSecurityAlertCollection collection = securityCenterLocation.GetSubscriptionSecurityAlerts();

// invoke the operation
SecurityAlertSimulatorContent content = new SecurityAlertSimulatorContent()
{
    Properties = new SecurityAlertSimulatorBundlesRequestProperties()
    {
        Bundles =
        {
        SecurityAlertSimulatorBundleType.AppServices,SecurityAlertSimulatorBundleType.Dns,SecurityAlertSimulatorBundleType.KeyVaults,SecurityAlertSimulatorBundleType.KubernetesService,SecurityAlertSimulatorBundleType.ResourceManager,SecurityAlertSimulatorBundleType.SqlServers,SecurityAlertSimulatorBundleType.StorageAccounts,SecurityAlertSimulatorBundleType.VirtualMachines,SecurityAlertSimulatorBundleType.CosmosDbs
        },
    },
};
await collection.SimulateAsync(WaitUntil.Completed, content);

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Voorbeeldrespons

Statuscode:: 202

Definities

Name	Description
AlertSimulatorBundlesRequestProperties	Waarschuwingen simuleren op basis van deze bundels.
AlertSimulatorRequestBody	Aanvraagtekst waarschuwingssimulator.
BundleType	Waarschuwingssimulator ondersteunde bundels.
CloudError	Veelvoorkomende foutreactie voor alle Azure Resource Manager-API's om foutdetails te retourneren voor mislukte bewerkingen. (Dit volgt ook de OData-foutreactieindeling.)
CloudErrorBody	De foutdetails.
ErrorAdditionalInfo	Aanvullende informatie over de resourcebeheerfout.

AlertSimulatorBundlesRequestProperties

Waarschuwingen simuleren op basis van deze bundels.

Name	Type	Description
bundles	BundleType[]	Lijst met bundels.
kind	string: Bundles	Het soort waarschuwingssimulatie.

AlertSimulatorRequestBody

Aanvraagtekst waarschuwingssimulator.

Name	Type	Description
properties	AlertSimulatorRequestProperties: AlertSimulatorBundlesRequestProperties	Waarschuwingssimulator vraagt hoofdtekstgegevens aan.

BundleType

Waarschuwingssimulator ondersteunde bundels.

Name	Type	Description
AppServices	string
CosmosDbs	string
DNS	string
KeyVaults	string
KubernetesService	string
ResourceManager	string
SqlServers	string
StorageAccounts	string
VirtualMachines	string

CloudError

Veelvoorkomende foutreactie voor alle Azure Resource Manager-API's om foutdetails te retourneren voor mislukte bewerkingen. (Dit volgt ook de OData-foutreactieindeling.)

Name	Type	Description
error.additionalInfo	ErrorAdditionalInfo[]	De fout bevat aanvullende informatie.
error.code	string	De foutcode.
error.details	CloudErrorBody[]	De foutdetails.
error.message	string	Het foutbericht.
error.target	string	Het foutdoel.

CloudErrorBody

De foutdetails.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	De fout bevat aanvullende informatie.
code	string	De foutcode.
details	CloudErrorBody[]	De foutdetails.
message	string	Het foutbericht.
target	string	Het foutdoel.

ErrorAdditionalInfo

Aanvullende informatie over de resourcebeheerfout.

Name	Type	Description
info	object	De aanvullende informatie.
type	string	Het extra informatietype.

Delen via

Alerts - Simulate

URI-parameters

Aanvraagbody

Antwoorden

Beveiliging

azure_auth

Bereiken

Voorbeelden

Simulate security alerts on a subscription

Voorbeeldaanvraag

Voorbeeldrespons

Definities

AlertSimulatorBundlesRequestProperties

AlertSimulatorRequestBody

BundleType

CloudError

CloudErrorBody

ErrorAdditionalInfo

Aanvullende resources