Список всех правил увольнения для данной подписки
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/alertsSuppressionRules?api-version=2019-01-01-preview
С использованием необязательных параметров:
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/alertsSuppressionRules?api-version=2019-01-01-preview&AlertType={AlertType}
Параметры URI
| Имя |
В |
Обязательно |
Тип |
Описание |
|
subscriptionId
|
path |
True
|
string
|
Идентификатор подписки Azure
Шаблон регулярного выражения: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
|
|
api-version
|
query |
True
|
string
|
Версия API для операции
|
|
AlertType
|
query |
|
string
|
Тип оповещения для получения правил
|
Ответы
Безопасность
azure_auth
Поток OAuth2 Azure Active Directory
Тип:
oauth2
Flow:
implicit
URL-адрес авторизации:
https://login.microsoftonline.com/common/oauth2/authorize
Области
| Имя |
Описание |
|
user_impersonation
|
олицетворения учетной записи пользователя
|
Примеры
Get suppression alert rule for subscription, filtered by AlertType
Образец запроса
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/alertsSuppressionRules?api-version=2019-01-01-preview
/**
* Samples for AlertsSuppressionRules List.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/
* AlertsSuppressionRules/GetAlertsSuppressionRulesWithAlertType_example.json
*/
/**
* Sample code: Get suppression alert rule for subscription, filtered by AlertType.
*
* @param manager Entry point to SecurityManager.
*/
public static void getSuppressionAlertRuleForSubscriptionFilteredByAlertType(
com.azure.resourcemanager.security.SecurityManager manager) {
manager.alertsSuppressionRules().list("IpAnomaly", com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AlertsSuppressionRules/GetAlertsSuppressionRulesWithAlertType_example.json
func ExampleAlertsSuppressionRulesClient_NewListPager_getSuppressionAlertRuleForSubscriptionFilteredByAlertType() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewAlertsSuppressionRulesClient().NewListPager(&armsecurity.AlertsSuppressionRulesClientListOptions{AlertType: nil})
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
}
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
}
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page.AlertsSuppressionRulesList = armsecurity.AlertsSuppressionRulesList{
// Value: []*armsecurity.AlertsSuppressionRule{
// {
// Name: to.Ptr("dismissIpAnomalyAlerts"),
// Type: to.Ptr("Microsoft.Security/alertsSuppressionRules"),
// ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/alertsSuppressionRules/dismissIpAnomalyAlerts"),
// Properties: &armsecurity.AlertsSuppressionRuleProperties{
// AlertType: to.Ptr("IpAnomaly"),
// Comment: to.Ptr("Test VM"),
// ExpirationDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-01T19:50:47.083Z"); return t}()),
// LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-07-31T19:50:47.083Z"); return t}()),
// Reason: to.Ptr("FalsePositive"),
// State: to.Ptr(armsecurity.RuleStateEnabled),
// SuppressionAlertsScope: &armsecurity.SuppressionAlertsScope{
// AllOf: []*armsecurity.ScopeElement{
// {
// AdditionalProperties: map[string]any{
// "in": []any{
// "104.215.95.187",
// "52.164.206.56",
// },
// },
// Field: to.Ptr("entities.ip.address"),
// },
// {
// AdditionalProperties: map[string]any{
// "contains": "POWERSHELL.EXE",
// },
// Field: to.Ptr("entities.process.commandline"),
// }},
// },
// },
// }},
// }
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to List of all the dismiss rules for the given subscription
*
* @summary List of all the dismiss rules for the given subscription
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AlertsSuppressionRules/GetAlertsSuppressionRulesWithAlertType_example.json
*/
async function getSuppressionAlertRuleForSubscriptionFilteredByAlertType() {
const subscriptionId =
process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential, subscriptionId);
const resArray = new Array();
for await (let item of client.alertsSuppressionRules.list()) {
resArray.push(item);
}
console.log(resArray);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AlertsSuppressionRules/GetAlertsSuppressionRulesWithAlertType_example.json
// this example is just showing the usage of "AlertsSuppressionRules_List" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this SubscriptionResource created on azure
// for more information of creating SubscriptionResource, please refer to the document of SubscriptionResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
ResourceIdentifier subscriptionResourceId = SubscriptionResource.CreateResourceIdentifier(subscriptionId);
SubscriptionResource subscriptionResource = client.GetSubscriptionResource(subscriptionResourceId);
// get the collection of this SecurityAlertsSuppressionRuleResource
SecurityAlertsSuppressionRuleCollection collection = subscriptionResource.GetSecurityAlertsSuppressionRules();
// invoke the operation and iterate over the result
await foreach (SecurityAlertsSuppressionRuleResource item in collection.GetAllAsync())
{
// the variable item is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityAlertsSuppressionRuleData resourceData = item.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}
Console.WriteLine($"Succeeded");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Пример ответа
{
"value": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/alertsSuppressionRules/dismissIpAnomalyAlerts",
"name": "dismissIpAnomalyAlerts",
"type": "Microsoft.Security/alertsSuppressionRules",
"properties": {
"alertType": "IpAnomaly",
"lastModifiedUtc": "2019-07-31T19:50:47.083633Z",
"expirationDateUtc": "2019-12-01T19:50:47.083633Z",
"state": "Enabled",
"reason": "FalsePositive",
"comment": "Test VM",
"suppressionAlertsScope": {
"allOf": [
{
"field": "entities.ip.address",
"in": [
"104.215.95.187",
"52.164.206.56"
]
},
{
"field": "entities.process.commandline",
"contains": "POWERSHELL.EXE"
}
]
}
}
}
]
}
Get suppression rules for subscription
Образец запроса
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/alertsSuppressionRules?api-version=2019-01-01-preview
/**
* Samples for AlertsSuppressionRules List.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/
* AlertsSuppressionRules/GetAlertsSuppressionRules_example.json
*/
/**
* Sample code: Get suppression rules for subscription.
*
* @param manager Entry point to SecurityManager.
*/
public static void getSuppressionRulesForSubscription(com.azure.resourcemanager.security.SecurityManager manager) {
manager.alertsSuppressionRules().list(null, com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AlertsSuppressionRules/GetAlertsSuppressionRules_example.json
func ExampleAlertsSuppressionRulesClient_NewListPager_getSuppressionRulesForSubscription() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewAlertsSuppressionRulesClient().NewListPager(&armsecurity.AlertsSuppressionRulesClientListOptions{AlertType: nil})
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
}
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
}
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page.AlertsSuppressionRulesList = armsecurity.AlertsSuppressionRulesList{
// Value: []*armsecurity.AlertsSuppressionRule{
// {
// Name: to.Ptr("dismissIpAnomalyAlerts"),
// Type: to.Ptr("Microsoft.Security/alertsSuppressionRules"),
// ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/alertsSuppressionRules/dismissIpAnomalyAlerts"),
// Properties: &armsecurity.AlertsSuppressionRuleProperties{
// AlertType: to.Ptr("IpAnomaly"),
// Comment: to.Ptr("Test VM"),
// ExpirationDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-01T19:50:47.083Z"); return t}()),
// LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-07-31T19:50:47.083Z"); return t}()),
// Reason: to.Ptr("FalsePositive"),
// State: to.Ptr(armsecurity.RuleStateEnabled),
// SuppressionAlertsScope: &armsecurity.SuppressionAlertsScope{
// AllOf: []*armsecurity.ScopeElement{
// {
// AdditionalProperties: map[string]any{
// "in": []any{
// "104.215.95.187",
// "52.164.206.56",
// },
// },
// Field: to.Ptr("entities.ip.address"),
// },
// {
// AdditionalProperties: map[string]any{
// "contains": "POWERSHELL.EXE",
// },
// Field: to.Ptr("entities.process.commandline"),
// }},
// },
// },
// },
// {
// Name: to.Ptr("dismissDataExfiltrationAnomalyAlertsOnTestVMs"),
// Type: to.Ptr("Microsoft.Security/alertsSuppressionRules"),
// ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/alertsSuppressionRules/dismissDataExfiltrationAnomalyAlertsOnTestVMs"),
// Properties: &armsecurity.AlertsSuppressionRuleProperties{
// AlertType: to.Ptr("DataExfiltrationAnomaly"),
// ExpirationDateUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-12-01T19:50:47.083Z"); return t}()),
// LastModifiedUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2019-07-31T19:50:47.083Z"); return t}()),
// Reason: to.Ptr("FalsePositive"),
// State: to.Ptr(armsecurity.RuleStateEnabled),
// },
// }},
// }
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to List of all the dismiss rules for the given subscription
*
* @summary List of all the dismiss rules for the given subscription
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AlertsSuppressionRules/GetAlertsSuppressionRules_example.json
*/
async function getSuppressionRulesForSubscription() {
const subscriptionId =
process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential, subscriptionId);
const resArray = new Array();
for await (let item of client.alertsSuppressionRules.list()) {
resArray.push(item);
}
console.log(resArray);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2019-01-01-preview/examples/AlertsSuppressionRules/GetAlertsSuppressionRules_example.json
// this example is just showing the usage of "AlertsSuppressionRules_List" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this SubscriptionResource created on azure
// for more information of creating SubscriptionResource, please refer to the document of SubscriptionResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
ResourceIdentifier subscriptionResourceId = SubscriptionResource.CreateResourceIdentifier(subscriptionId);
SubscriptionResource subscriptionResource = client.GetSubscriptionResource(subscriptionResourceId);
// get the collection of this SecurityAlertsSuppressionRuleResource
SecurityAlertsSuppressionRuleCollection collection = subscriptionResource.GetSecurityAlertsSuppressionRules();
// invoke the operation and iterate over the result
await foreach (SecurityAlertsSuppressionRuleResource item in collection.GetAllAsync())
{
// the variable item is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityAlertsSuppressionRuleData resourceData = item.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}
Console.WriteLine($"Succeeded");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Пример ответа
{
"value": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/alertsSuppressionRules/dismissIpAnomalyAlerts",
"name": "dismissIpAnomalyAlerts",
"type": "Microsoft.Security/alertsSuppressionRules",
"properties": {
"alertType": "IpAnomaly",
"lastModifiedUtc": "2019-07-31T19:50:47.083633Z",
"expirationDateUtc": "2019-12-01T19:50:47.083633Z",
"state": "Enabled",
"reason": "FalsePositive",
"comment": "Test VM",
"suppressionAlertsScope": {
"allOf": [
{
"field": "entities.ip.address",
"in": [
"104.215.95.187",
"52.164.206.56"
]
},
{
"field": "entities.process.commandline",
"contains": "POWERSHELL.EXE"
}
]
}
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/alertsSuppressionRules/dismissDataExfiltrationAnomalyAlertsOnTestVMs",
"name": "dismissDataExfiltrationAnomalyAlertsOnTestVMs",
"type": "Microsoft.Security/alertsSuppressionRules",
"properties": {
"alertType": "DataExfiltrationAnomaly",
"lastModifiedUtc": "2019-07-31T19:50:47.083633Z",
"expirationDateUtc": "2019-12-01T19:50:47.083633Z",
"state": "Enabled",
"reason": "FalsePositive"
}
}
]
}
Определения
AlertsSuppressionRule
Описание правила подавления
| Имя |
Тип |
Описание |
|
id
|
string
|
Идентификатор ресурса
|
|
name
|
string
|
Имя ресурса
|
|
properties.alertType
|
string
|
Тип оповещения для автоматического подавления. Для всех типов оповещений используйте "*"
|
|
properties.comment
|
string
|
Любой комментарий относительно правила
|
|
properties.expirationDateUtc
|
string
|
Дата окончания срока действия правила, если значение не предоставлено или указано как null, срок действия не будет вообще
|
|
properties.lastModifiedUtc
|
string
|
Последний раз, когда это правило было изменено
|
|
properties.reason
|
string
|
Причина увольнения оповещения
|
|
properties.state
|
RuleState
|
Возможные состояния правила
|
|
properties.suppressionAlertsScope
|
SuppressionAlertsScope
|
Условия подавления
|
|
type
|
string
|
Тип ресурса
|
AlertsSuppressionRulesList
Список правил подавления для подписки.
| Имя |
Тип |
Описание |
|
nextLink
|
string
|
URI для получения следующей страницы.
|
|
value
|
AlertsSuppressionRule[]
|
Описание правила подавления
|
CloudError
Распространенный ответ об ошибке для всех API Azure Resource Manager для возврата сведений об ошибке для неудачных операций. (Это также следует формату ответа об ошибках OData.).
| Имя |
Тип |
Описание |
|
error.additionalInfo
|
ErrorAdditionalInfo[]
|
Дополнительные сведения об ошибке.
|
|
error.code
|
string
|
Код ошибки.
|
|
error.details
|
CloudErrorBody[]
|
Сведения об ошибке.
|
|
error.message
|
string
|
Сообщение об ошибке.
|
|
error.target
|
string
|
Целевой объект ошибки.
|
CloudErrorBody
Сведения об ошибке.
| Имя |
Тип |
Описание |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
Дополнительные сведения об ошибке.
|
|
code
|
string
|
Код ошибки.
|
|
details
|
CloudErrorBody[]
|
Сведения об ошибке.
|
|
message
|
string
|
Сообщение об ошибке.
|
|
target
|
string
|
Целевой объект ошибки.
|
ErrorAdditionalInfo
Дополнительные сведения об ошибке управления ресурсами.
| Имя |
Тип |
Описание |
|
info
|
object
|
Дополнительные сведения.
|
|
type
|
string
|
Дополнительный тип сведений.
|
RuleState
Возможные состояния правила
| Имя |
Тип |
Описание |
|
Disabled
|
string
|
|
|
Enabled
|
string
|
|
|
Expired
|
string
|
|
ScopeElement
Более конкретная область, используемая для идентификации оповещений для подавления.
| Имя |
Тип |
Описание |
|
field
|
string
|
Тип сущности оповещения для подавления.
|
SuppressionAlertsScope
| Имя |
Тип |
Описание |
|
allOf
|
ScopeElement[]
|
Все условия внутри должны быть верными, чтобы отключить оповещение
|