Dela via


Azure.ResourceManager.SecurityCenter.Models Namespace

Classes

AadExternalSecuritySolution

Represents an AAD identity protection solution which sends logs to an OMS workspace.

AadSolutionProperties

The external security solution properties for AAD solutions.

ActionableRemediation

Configuration payload for PR Annotations.

ActiveConnectionsNotInAllowedRange

Number of active connections is not in allowed range.

AdaptiveApplicationControlIssueSummary

Represents a summary of the alerts of the machine group.

AdaptiveNetworkHardeningEnforceContent

The AdaptiveNetworkHardeningEnforceContent.

AdditionalWorkspacesProperties

Properties of the additional workspaces.

AllowlistCustomAlertRule

A custom alert rule that checks if a value (depends on the custom alert type) is allowed. Please note AllowlistCustomAlertRule is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include ConnectionFromIPNotAllowed, ConnectionToIPNotAllowed, LocalUserNotAllowed and ProcessNotAllowed.

AmqpC2DMessagesNotInAllowedRange

Number of cloud to device messages (AMQP protocol) is not in allowed range.

AmqpC2DRejectedMessagesNotInAllowedRange

Number of rejected cloud to device messages (AMQP protocol) is not in allowed range.

AmqpD2CMessagesNotInAllowedRange

Number of device to cloud messages (AMQP protocol) is not in allowed range.

ArmSecurityCenterModelFactory

Model factory for models.

AtaExternalSecuritySolution

Represents an ATA security solution which sends logs to an OMS workspace.

AtaSolutionProperties

The external security solution properties for ATA solutions.

AuthenticationDetailsProperties

Settings for cloud authentication management Please note AuthenticationDetailsProperties is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include AwsAssumeRoleAuthenticationDetailsProperties, AwsCredsAuthenticationDetailsProperties and GcpCredentialsDetailsProperties.

AwsAssumeRoleAuthenticationDetailsProperties

AWS cloud account connector based assume role, the role enables delegating access to your AWS resources. The role is composed of role Amazon Resource Name (ARN) and external ID. For more details, refer to <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html">Creating a Role to Delegate Permissions to an IAM User (write only)</a>.

AwsCredsAuthenticationDetailsProperties

AWS cloud account connector based credentials, the credentials is composed of access key ID and secret key, for more details, refer to <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html">Creating an IAM User in Your AWS Account (write only)</a>.

AwsEnvironment

The AWS connector environment data.

AwsOrganizationalDataMaster

The AWS organization data for the master account.

AwsOrganizationalDataMember

The AWS organization data for the member account.

AwsOrganizationalInfo

The AWS organization data Please note AwsOrganizationalInfo is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include AwsOrganizationalDataMember and AwsOrganizationalDataMaster.

AzureDevOpsScopeEnvironment

The AzureDevOps scope connector's environment data.

AzureResourceDetails

Details of the Azure resource that was assessed.

AzureResourceIdentifier

Azure resource identifier.

AzureServersSetting

A vulnerability assessments setting on Azure servers in the defined scope.

BaselineAdjustedResult

The rule result adjusted with baseline.

BenchmarkReference

The benchmark references.

BuiltInInfoType

Pre-configured sensitive information type.

CategoryConfiguration

Severity level per category configuration for PR Annotations.

CefExternalSecuritySolution

Represents a security solution which sends CEF logs to an OMS workspace.

CefSolutionProperties

The external security solution properties for CEF solutions.

ComplianceSegment

A segment of a compliance assessment.

ConnectableResourceInfo

Describes the allowed inbound and outbound traffic of an Azure resource.

ConnectedResourceInfo

Describes properties of a connected resource.

ConnectionFromIPNotAllowed

Inbound connection from an ip that isn't allowed. Allow list consists of ipv4 or ipv6 range in CIDR notation.

ConnectionToIPNotAllowed

Outbound connection to an ip that isn't allowed. Allow list consists of ipv4 or ipv6 range in CIDR notation.

ContainerRegistryVulnerabilityProperties

Additional context fields for container registry Vulnerability assessment.

CspmMonitorAwsOffering

The CSPM monitoring for AWS offering.

CspmMonitorAzureDevOpsOffering

The CSPM monitoring for AzureDevOps offering.

CspmMonitorGcpOffering

The CSPM monitoring for GCP offering.

CspmMonitorGcpOfferingNativeCloudConnection

The native cloud connection configuration.

CspmMonitorGithubOffering

The CSPM monitoring for github offering.

CspmMonitorGitLabOffering

The CSPM (Cloud security posture management) monitoring for gitlab offering.

CustomAlertRule

A custom alert rule. Please note CustomAlertRule is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include AllowlistCustomAlertRule, AmqpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, ConnectionFromIPNotAllowed, ConnectionToIPNotAllowed, DenylistCustomAlertRule, DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, FileUploadsNotInAllowedRange, HttpC2DMessagesNotInAllowedRange, HttpC2DRejectedMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, ListCustomAlertRule, LocalUserNotAllowed, MqttC2DMessagesNotInAllowedRange, MqttC2DRejectedMessagesNotInAllowedRange, MqttD2CMessagesNotInAllowedRange, ProcessNotAllowed, QueuePurgesNotInAllowedRange, TwinUpdatesNotInAllowedRange, UnauthorizedOperationsNotInAllowedRange, ActiveConnectionsNotInAllowedRange, TimeWindowCustomAlertRule and ThresholdCustomAlertRule.

CustomAssessmentAutomationCreateOrUpdateContent

Custom Assessment Automation request.

CustomEntityStoreAssignmentCreateOrUpdateContent

describes the custom entity store assignment request.

DataExportSettings

Represents a data export setting.

DefenderCspmAwsOffering

The CSPM P1 for AWS offering.

DefenderCspmAwsOfferingCiem

Defenders CSPM Cloud infrastructure entitlement management (CIEM) offering configurations.

DefenderCspmAwsOfferingCiemOidc

Defender CSPM CIEM AWS OIDC (open id connect) configuration.

DefenderCspmAwsOfferingDatabasesDspm

The databases DSPM configuration.

DefenderCspmAwsOfferingDataSensitivityDiscovery

The Microsoft Defender Data Sensitivity discovery configuration.

DefenderCspmAwsOfferingMdcContainersAgentlessDiscoveryK8S

The Microsoft Defender container agentless discovery K8s configuration.

DefenderCspmAwsOfferingMdcContainersImageAssessment

The Microsoft Defender container image assessment configuration.

DefenderCspmAwsOfferingVmScanners

The Microsoft Defender for Server VM scanning configuration.

DefenderCspmAwsOfferingVmScannersConfiguration

configuration for Microsoft Defender for Server VM scanning.

DefenderCspmGcpOffering

The CSPM P1 for GCP offering.

DefenderCspmGcpOfferingCiemDiscovery

GCP Defenders CSPM Cloud infrastructure entitlement management (CIEM) discovery offering configurations.

DefenderCspmGcpOfferingDataSensitivityDiscovery

The Microsoft Defender Data Sensitivity discovery configuration.

DefenderCspmGcpOfferingMdcContainersAgentlessDiscoveryK8S

The Microsoft Defender Container agentless discovery configuration.

DefenderCspmGcpOfferingMdcContainersImageAssessment

The Microsoft Defender Container image assessment configuration.

DefenderCspmGcpOfferingVmScanners

The Microsoft Defender for Server VM scanning configuration.

DefenderCspmGcpOfferingVmScannersConfiguration

configuration for Microsoft Defender for Server VM scanning.

DefenderFoDatabasesAwsOfferingArcAutoProvisioningConfiguration

Configuration for servers Arc auto provisioning.

DefenderFoDatabasesAwsOfferingDatabasesDspm

The databases data security posture management (DSPM) configuration.

DefenderForContainersAwsOffering

The Defender for Containers AWS offering.

DefenderForContainersAwsOfferingMdcContainersAgentlessDiscoveryK8S

The Microsoft Defender container agentless discovery K8s configuration.

DefenderForContainersAwsOfferingMdcContainersImageAssessment

The Microsoft Defender container image assessment configuration.

DefenderForContainersGcpOffering

The containers GCP offering.

DefenderForContainersGcpOfferingDataPipelineNativeCloudConnection

The native cloud connection configuration.

DefenderForContainersGcpOfferingMdcContainersAgentlessDiscoveryK8S

The Microsoft Defender Container agentless discovery configuration.

DefenderForContainersGcpOfferingMdcContainersImageAssessment

The Microsoft Defender Container image assessment configuration.

DefenderForContainersGcpOfferingNativeCloudConnection

The native cloud connection configuration.

DefenderForDatabasesAwsOffering

The Defender for Databases AWS offering.

DefenderForDatabasesAwsOfferingArcAutoProvisioning

The ARC autoprovisioning configuration.

DefenderForDatabasesAwsOfferingRds

The RDS configuration.

DefenderForDatabasesGcpOffering

The Defender for Databases GCP offering configurations.

DefenderForDatabasesGcpOfferingArcAutoProvisioning

The ARC autoprovisioning configuration.

DefenderForDatabasesGcpOfferingArcAutoProvisioningConfiguration

Configuration for servers Arc auto provisioning.

DefenderForDevOpsAzureDevOpsOffering

The Defender for DevOps for Azure DevOps offering.

DefenderForDevOpsGithubOffering

The Defender for DevOps for Github offering.

DefenderForDevOpsGitLabOffering

The Defender for DevOps for Gitlab offering.

DefenderForServersAwsOffering

The Defender for Servers AWS offering.

DefenderForServersAwsOfferingArcAutoProvisioning

The ARC autoprovisioning configuration.

DefenderForServersAwsOfferingArcAutoProvisioningConfiguration

Configuration for servers Arc auto provisioning.

DefenderForServersAwsOfferingMdeAutoProvisioning

The Microsoft Defender for Endpoint autoprovisioning configuration.

DefenderForServersAwsOfferingVmScanners

The Microsoft Defender for Server VM scanning configuration.

DefenderForServersAwsOfferingVmScannersConfiguration

configuration for Microsoft Defender for Server VM scanning.

DefenderForServersAwsOfferingVulnerabilityAssessmentAutoProvisioning

The Vulnerability Assessment autoprovisioning configuration.

DefenderForServersGcpOffering

The Defender for Servers GCP offering configurations.

DefenderForServersGcpOfferingArcAutoProvisioning

The ARC autoprovisioning configuration.

DefenderForServersGcpOfferingArcAutoProvisioningConfiguration

Configuration for servers Arc auto provisioning.

DefenderForServersGcpOfferingMdeAutoProvisioning

The Microsoft Defender for Endpoint autoprovisioning configuration.

DefenderForServersGcpOfferingVmScanners

The Microsoft Defender for Server VM scanning configuration.

DefenderForServersGcpOfferingVmScannersConfiguration

configuration for Microsoft Defender for Server VM scanning.

DefenderForServersGcpOfferingVulnerabilityAssessmentAutoProvisioning

The Vulnerability Assessment autoprovisioning configuration.

DenylistCustomAlertRule

A custom alert rule that checks if a value (depends on the custom alert type) is denied.

DevOpsConfigurationProperties

DevOps Configuration properties.

DevOpsOrgProperties

Azure DevOps Organization properties.

DevOpsProjectProperties

Azure DevOps Project properties.

DevOpsRepositoryProperties

Azure DevOps Repository properties.

DirectMethodInvokesNotInAllowedRange

Number of direct method invokes is not in allowed range.

DiscoveredSecuritySolution

The DiscoveredSecuritySolution.

EffectiveNetworkSecurityGroups

Describes the Network Security Groups effective on a network interface.

EnvironmentDetails

The environment details of the resource.

ExecuteGovernanceRuleParams

Governance rule execution parameters.

ExecuteRuleStatus

Execute status of Security GovernanceRule over a given scope Serialized Name: ExecuteRuleStatus

ExtensionOperationStatus

A status describing the success/failure of the enablement/disablement operation.

ExternalSecuritySolution

Represents a security solution external to Microsoft Defender for Cloud which sends information to an OMS workspace and whose data is displayed by Microsoft Defender for Cloud. Please note ExternalSecuritySolution is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include AadExternalSecuritySolution, AtaExternalSecuritySolution and CefExternalSecuritySolution.

ExternalSecuritySolutionProperties

The solution properties (correspond to the solution kind).

FailedLocalLoginsNotInAllowedRange

Number of failed local logins is not in allowed range.

FileUploadsNotInAllowedRange

Number of file uploads is not in allowed range.

GcpCredentialsDetailsProperties

GCP cloud account connector based service to service credentials, the credentials are composed of the organization ID and a JSON API key (write only).

GcpDefenderForDatabasesArcAutoProvisioning

The native cloud connection configuration.

GcpDefenderForServersInfo

The Defender for servers connection configuration.

GcpMemberOrganizationalInfo

The gcpOrganization data for the member account.

GcpOrganizationalInfo

The gcpOrganization data Please note GcpOrganizationalInfo is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include GcpMemberOrganizationalInfo and GcpParentOrganizationalInfo.

GcpParentOrganizationalInfo

The gcpOrganization data for the parent account.

GcpProjectDetails

The details about the project represented by the security connector.

GcpProjectEnvironment

The GCP project connector environment data.

GetSensitivitySettingsResponsePropertiesMipInformation

Microsoft information protection built-in and custom information types, labels, and integration status.

GithubScopeEnvironment

The github scope connector's environment data.

GitlabScopeEnvironment

The GitLab scope connector's environment data.

GovernanceAssignmentAdditionalInfo

Describe the additional data of governance assignment - optional.

GovernanceEmailNotification

The governance email weekly notification configuration.

GovernanceRuleEmailNotification

The governance email weekly notification configuration.

GovernanceRuleMetadata

The governance rule metadata.

GovernanceRuleOwnerSource

Describe the owner source of governance rule.

HealthDataClassification

The classification of the health report.

HealthReportResourceDetails

The resource details of the health report.

HealthReportStatus

The status of the health report.

HttpC2DMessagesNotInAllowedRange

Number of cloud to device messages (HTTP protocol) is not in allowed range.

HttpC2DRejectedMessagesNotInAllowedRange

Number of rejected cloud to device messages (HTTP protocol) is not in allowed range.

HttpD2CMessagesNotInAllowedRange

Number of device to cloud messages (HTTP protocol) is not in allowed range.

HybridComputeSettingsProperties

Settings for hybrid compute management.

InformationProtectionAwsOffering

The information protection for AWS offering.

InformationProtectionKeyword

The information type keyword.

InformationProtectionPolicy

Information protection policy.

IngestionConnectionString

Connection string for ingesting security data and logs.

IngestionSettingToken

Configures how to correlate scan data and logs with resources associated with the subscription.

IotSecurityAggregatedAlertTopDevice

The IotSecurityAggregatedAlertTopDevice.

IotSecurityAlertedDevice

Statistical information about the number of alerts per device during last set number of days.

IotSecurityDeviceAlert

Statistical information about the number of alerts per alert type during last set number of days.

IotSecurityDeviceRecommendation

Statistical information about the number of recommendations per device, per recommendation type.

IotSecuritySolutionAnalyticsModelDevicesMetrics

The IotSecuritySolutionAnalyticsModelDevicesMetrics.

IotSecuritySolutionPatch

The IotSecuritySolutionPatch.

IotSeverityMetrics

IoT Security solution analytics severity metrics.

JitNetworkAccessPolicyInitiateContent

The JitNetworkAccessPolicyInitiateContent.

JitNetworkAccessPolicyInitiatePort

The JitNetworkAccessPolicyInitiatePort.

JitNetworkAccessPolicyInitiateVirtualMachine

The JitNetworkAccessPolicyInitiateVirtualMachine.

JitNetworkAccessPolicyVirtualMachine

The JitNetworkAccessPolicyVirtualMachine.

JitNetworkAccessPortRule

The JitNetworkAccessPortRule.

JitNetworkAccessRequestInfo

The JitNetworkAccessRequestInfo.

JitNetworkAccessRequestPort

The JitNetworkAccessRequestPort.

JitNetworkAccessRequestVirtualMachine

The JitNetworkAccessRequestVirtualMachine.

ListCustomAlertRule

A List custom alert rule. Please note ListCustomAlertRule is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include AllowlistCustomAlertRule, ConnectionFromIPNotAllowed, ConnectionToIPNotAllowed, DenylistCustomAlertRule, LocalUserNotAllowed and ProcessNotAllowed.

LocalUserNotAllowed

Login by a local user that isn't allowed. Allow list consists of login names to allow.

LogAnalyticsIdentifier

Represents a Log Analytics workspace scope identifier.

MdeOnboarding

The resource of the configuration or data needed to onboard the machine to MDE.

MipSensitivityLabel

Microsoft information protection sensitivity label.

MqttC2DMessagesNotInAllowedRange

Number of cloud to device messages (MQTT protocol) is not in allowed range.

MqttC2DRejectedMessagesNotInAllowedRange

Number of rejected cloud to device messages (MQTT protocol) is not in allowed range.

MqttD2CMessagesNotInAllowedRange

Number of device to cloud messages (MQTT protocol) is not in allowed range.

OnPremiseResourceDetails

Details of the On Premise resource that was assessed Please note OnPremiseResourceDetails is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include OnPremiseSqlResourceDetails.

OnPremiseSqlResourceDetails

Details of the On Premise Sql resource that was assessed.

OperationStatusAutoGenerated

A status describing the success/failure of the extension's enablement/disablement operation.

PathRecommendation

Represents a path that is recommended to be allowed and its properties.

PlanExtension

A plan's extension properties.

ProcessNotAllowed

Execution of a process that isn't allowed. Allow list consists of process names to allow.

ProxyServerProperties

For a non-Azure machine that is not connected directly to the internet, specify a proxy server that the non-Azure machine can use.

QueuePurgesNotInAllowedRange

Number of device queue purges is not in allowed range.

RecommendationConfigurationProperties

The type of IoT Security recommendation.

RecommendedSecurityRule

Describes remote addresses that is recommended to communicate with the Azure resource on some (Protocol, Port, Direction). All other remote addresses are recommended to be blocked.

RemediationEta

The ETA (estimated time of arrival) for remediation.

RulesResultsContent

Rules results input.

SecureScoreControlDefinitionItem

Information about the security control.

SecureScoreControlDetails

Details of the security control, its score, and the health status of the relevant resources.

SecurityAlertEntity

Changing set of properties depending on the entity type.

SecurityAlertResourceIdentifier

A resource identifier for an alert which can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). Please note SecurityAlertResourceIdentifier is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include AzureResourceIdentifier and LogAnalyticsIdentifier.

SecurityAlertSimulatorBundlesRequestProperties

Simulate alerts according to this bundles.

SecurityAlertSimulatorContent

Alert Simulator request body.

SecurityAlertSimulatorRequestProperties

Describes properties of an alert simulation request Please note SecurityAlertSimulatorRequestProperties is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include SecurityAlertSimulatorBundlesRequestProperties.

SecurityAlertSupportingEvidence

Changing set of properties depending on the supportingEvidence type.

SecurityAlertSyncSettings

Represents an alert sync setting.

SecurityAssessmentCreateOrUpdateContent

Security assessment on a resource.

SecurityAssessmentMetadataPartner

Describes the partner that created the assessment.

SecurityAssessmentMetadataProperties

Describes properties of an assessment metadata.

SecurityAssessmentPartner

Data regarding 3rd party partner integration.

SecurityAssessmentPublishDates

The SecurityAssessmentPublishDates.

SecurityAssessmentStatus

The result of the assessment.

SecurityAssessmentStatusResult

The result of the assessment.

SecurityAutomationAction

The action that should be triggered. Please note SecurityAutomationAction is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include SecurityAutomationActionEventHub, SecurityAutomationActionLogicApp and SecurityAutomationActionWorkspace.

SecurityAutomationActionEventHub

The target Event Hub to which event data will be exported. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore.

SecurityAutomationActionLogicApp

The logic app action that should be triggered. To learn more about Microsoft Defender for Cloud's Workflow Automation capabilities, visit https://aka.ms/ASCWorkflowAutomationLearnMore.

SecurityAutomationActionWorkspace

The Log Analytics Workspace to which event data will be exported. Security alerts data will reside in the 'SecurityAlert' table and the assessments data will reside in the 'SecurityRecommendation' table (under the 'Security'/'SecurityCenterFree' solutions). Note that in order to view the data in the workspace, the Security Center Log Analytics free/standard solution needs to be enabled on that workspace. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore.

SecurityAutomationRuleSet

A rule set which evaluates all its rules upon an event interception. Only when all the included rules in the rule set will be evaluated as 'true', will the event trigger the defined actions.

SecurityAutomationScope

A single automation scope.

SecurityAutomationSource

The source event types which evaluate the security automation set of rules. For example - security alerts and security assessments. To learn more about the supported security events data models schemas - please visit https://aka.ms/ASCAutomationSchemas.

SecurityAutomationTriggeringRule

A rule which is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. This comparison is done by using one of the supported operators set.

SecurityAutomationValidationStatus

The security automation model state property bag.

SecurityCenterAllowedConnection

The resource whose properties describes the allowed traffic between Azure resources.

SecurityCenterCloudOffering

The security offering details Please note SecurityCenterCloudOffering is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include CspmMonitorAwsOffering, CspmMonitorAzureDevOpsOffering, CspmMonitorGcpOffering, CspmMonitorGitLabOffering, CspmMonitorGithubOffering, DefenderCspmAwsOffering, DefenderCspmGcpOffering, DefenderForContainersAwsOffering, DefenderForContainersGcpOffering, DefenderForDatabasesAwsOffering, DefenderForDatabasesGcpOffering, DefenderForDevOpsAzureDevOpsOffering, DefenderForDevOpsGitLabOffering, DefenderForDevOpsGithubOffering, DefenderForServersAwsOffering, DefenderForServersGcpOffering and InformationProtectionAwsOffering.

SecurityCenterFileProtectionMode

The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux.

SecurityCenterPublisherInfo

Represents the publisher information of a process/rule.

SecurityCenterResourceDetails

Details of the resource that was assessed Please note SecurityCenterResourceDetails is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include AzureResourceDetails, OnPremiseResourceDetails and OnPremiseSqlResourceDetails.

SecurityCenterTagsResourceInfo

A container holding only the Tags for a resource, allowing the user to update the tags.

SecurityConnectorEnvironment

The security connector environment data. Please note SecurityConnectorEnvironment is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include AwsEnvironment, AzureDevOpsScopeEnvironment, GcpProjectEnvironment, GithubScopeEnvironment and GitlabScopeEnvironment.

SecurityConnectorGitHubOwnerProperties

GitHub Owner properties.

SecurityConnectorGitHubRepositoryProperties

GitHub Repository properties.

SecurityConnectorGitLabGroupProperties

GitLab Group properties.

SecurityConnectorGitLabProjectProperties

GitLab Project properties.

SecurityContactPropertiesAlertNotifications

Defines whether to send email notifications about new security alerts.

SecurityContactPropertiesNotificationsByRole

Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription.

SecurityCve

CVE details.

SecurityCvss

CVSS details.

SecurityHealthReportIssue

The issue that caused the resource to by unhealthy.

SecurityInformationTypeInfo

The information type.

SecuritySolution

The SecuritySolution.

SecuritySolutionsReferenceData

The SecuritySolutionsReferenceData.

SecuritySubAssessmentAdditionalInfo

Details of the sub-assessment Please note SecuritySubAssessmentAdditionalInfo is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include ContainerRegistryVulnerabilityProperties, ServerVulnerabilityProperties and SqlServerVulnerabilityProperties.

SecurityTaskProperties

Changing set of properties, depending on the task type that is derived from the name field.

SecurityTopologyResource

The SecurityTopologyResource.

SensitivityLabel

The sensitivity label.

SensitivitySettingCreateOrUpdateContent

Request to update data sensitivity settings for sensitive data discovery.

SensitivitySettingsProperties

The sensitivity settings properties.

ServerVulnerabilityProperties

Additional context fields for server vulnerability assessment.

ServicePrincipalProperties

Details of the service principal.

SqlServerVulnerabilityProperties

Details of the resource that was assessed.

SqlVulnerabilityAssessmentBaseline

Baseline details.

SqlVulnerabilityAssessmentBaselineRuleCreateOrUpdateContent

Rule results input.

SqlVulnerabilityAssessmentRemediation

Remediation details.

SqlVulnerabilityAssessmentScanProperties

A vulnerability assessment scan record properties.

SqlVulnerabilityAssessmentScanResult

A vulnerability assessment scan result for a single rule.

SqlVulnerabilityAssessmentScanResultProperties

A vulnerability assessment scan result properties for a single rule.

SubAssessmentStatus

Status of the sub-assessment.

SuppressionAlertsScopeElement

A more specific scope used to identify the alerts to suppress.

TargetBranchConfiguration

Repository branch configuration for PR Annotations.

ThresholdCustomAlertRule

A custom alert rule that checks if a value (depends on the custom alert type) is within the given range. Please note ThresholdCustomAlertRule is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include ActiveConnectionsNotInAllowedRange, AmqpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, FileUploadsNotInAllowedRange, HttpC2DMessagesNotInAllowedRange, HttpC2DRejectedMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, MqttC2DMessagesNotInAllowedRange, MqttC2DRejectedMessagesNotInAllowedRange, MqttD2CMessagesNotInAllowedRange, QueuePurgesNotInAllowedRange, TimeWindowCustomAlertRule, TwinUpdatesNotInAllowedRange and UnauthorizedOperationsNotInAllowedRange.

TimeWindowCustomAlertRule

A custom alert rule that checks if the number of activities (depends on the custom alert type) in a time window is within the given range. Please note TimeWindowCustomAlertRule is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include ActiveConnectionsNotInAllowedRange, AmqpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, FileUploadsNotInAllowedRange, HttpC2DMessagesNotInAllowedRange, HttpC2DRejectedMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, MqttC2DMessagesNotInAllowedRange, MqttC2DRejectedMessagesNotInAllowedRange, MqttD2CMessagesNotInAllowedRange, QueuePurgesNotInAllowedRange, TwinUpdatesNotInAllowedRange and UnauthorizedOperationsNotInAllowedRange.

TopologySingleResource

The TopologySingleResource.

TopologySingleResourceChild

The TopologySingleResourceChild.

TopologySingleResourceParent

The TopologySingleResourceParent.

TwinUpdatesNotInAllowedRange

Number of twin updates is not in allowed range.

UnauthorizedOperationsNotInAllowedRange

Number of unauthorized operations is not in allowed range.

UserDefinedInformationType

Custom user-defined information type.

UserDefinedResourcesProperties

Properties of the IoT Security solution's user defined resources.

UserRecommendation

Represents a user that is recommended to be allowed for a certain rule.

VendorReference

Vendor reference.

VmRecommendation

Represents a machine that is part of a machine group.

VulnerabilityAssessmentRule

vulnerability assessment rule metadata details.

VulnerabilityAssessmentRuleQueryCheck

The rule query details.

Structs

AadConnectivityStateType

The connectivity state of the external AAD solution.

ActionableRemediationState

ActionableRemediation Setting. None - the setting was never set. Enabled - ActionableRemediation is enabled. Disabled - ActionableRemediation is disabled.

AdaptiveApplicationControlEnforcementMode

The application control policy enforcement/protection mode of the machine group.

AdaptiveApplicationControlGroupSourceSystem

The source type of the machine group.

AdaptiveApplicationControlIssue

An alert that machines within a group can have.

AdditionalWorkspaceDataType

Data types sent to workspace.

AdditionalWorkspaceType

Workspace type.

AnnotateDefaultBranchState

Configuration of PR Annotations on default branch.

Enabled - PR Annotations are enabled on the resource's default branch. Disabled - PR Annotations are disabled on the resource's default branch.

ApplicationSourceResourceType

The application source, what it affects, e.g. Assessments.

AuthenticationProvisioningState

State of the multi-cloud connector.

AutomationTriggeringRuleOperator

A valid comparer operator to use. A case-insensitive comparison will be applied for String PropertyType.

AutomationTriggeringRulePropertyType

The data type of the compared operands (string, integer, floating point number or a boolean [true/false]].

AutoProvisionState

Describes what kind of security agent provisioning action to take.

AvailableSubPlanType

The available sub plans.

CustomAssessmentAutomationSupportedCloud

Relevant cloud for the custom assessment automation.

CustomAssessmentSeverity

The severity to relate to the assessments generated by this assessment automation.

DefenderForServersScanningMode

The scanning mode for the VM scan.

DefenderForStorageSettingName

The DefenderForStorageSettingName.

DevOpsAutoDiscovery

AutoDiscovery states.

DevOpsProvisioningState

The provisioning state of the resource.

Pending - Provisioning pending. Failed - Provisioning failed. Succeeded - Successful provisioning. Canceled - Provisioning canceled. PendingDeletion - Deletion pending. DeletionSuccess - Deletion successful. DeletionFailure - Deletion failure.

EndOfSupportStatus

End of support status.

ExtensionOperationStatusCode

The operation status code.

ExternalSecuritySolutionKind

The kind of the external solution.

GovernanceRuleOwnerSourceType

The owner type for the governance rule owner source.

GovernanceRuleSourceResourceType

The governance rule source, what the rule affects, e.g. Assessments.

GovernanceRuleType

The rule type of the governance rule, defines the source of the rule e.g. Integrated.

HealthReportSource

The platform where the assessed resource resides.

HealthReportStatusName

The status of the health report.

HybridComputeProvisioningState

State of the service principal and its secret.

ImplementationEffort

The implementation effort required to remediate this assessment.

InformationProtectionPolicyName

The InformationProtectionPolicyName.

InheritFromParentState

Update Settings.

Enabled - Resource should inherit configurations from parent. Disabled - Resource should not inherit configurations from parent.

IotSecurityRecommendationType

The type of IoT Security recommendation.

IotSecuritySolutionDataSource

The IotSecuritySolutionDataSource.

IotSecuritySolutionExportOption

The IotSecuritySolutionExportOption.

IsExtensionEnabled

Indicates whether the extension is enabled.

JitNetworkAccessPortProtocol

The JitNetworkAccessPortProtocol.

JitNetworkAccessPortStatus

The status of the port.

JitNetworkAccessPortStatusReason

A description of why the status has its value.

KillChainIntent

The kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center's supported kill chain intents.

MipIntegrationStatus

Microsoft information protection integration status.

PathRecommendationFileType

The type of the file (for Linux files - Executable is used).

RecommendationAction

The recommendation action of the machine or rule.

RecommendationConfigStatus

Recommendation status. When the recommendation status is disabled recommendations are not generated.

RecommendationStatus

The initial recommendation status of the machine group or machine.

RegulatoryComplianceState

Aggregative state based on the standard's supported controls states.

ReportedSeverity

Assessed alert severity.

ResourceOnboardingState

Details about resource onboarding status across all connectors.

OnboardedByOtherConnector - this resource has already been onboarded to another connector. This is only applicable to top-level resources. Onboarded - this resource has already been onboarded by the specified connector. NotOnboarded - this resource has not been onboarded to any connector. NotApplicable - the onboarding state is not applicable to the current endpoint.

RuleCategory

Rule categories. Code - code scanning results. Artifact scanning results. Dependencies scanning results. IaC results. Secrets scanning results. Container scanning results.

RuleSeverity

The rule severity.

SecurityAlertMinimalSeverity

Defines the minimal alert severity which will be sent as email notifications.

SecurityAlertNotificationByRoleState

Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription.

SecurityAlertNotificationState

Defines if email notifications will be sent about new security alerts.

SecurityAlertReceivingRole

A possible role to configure sending security notification alerts to.

SecurityAlertSeverity

The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified.

SecurityAlertSimulatorBundleType

Alert Simulator supported bundles.

SecurityAlertStatus

The life cycle status of the alert.

SecurityAssessmentODataExpand

The SecurityAssessmentODataExpand.

SecurityAssessmentResourceCategory

The categories of resource that is at risk when the assessment is unhealthy.

SecurityAssessmentResourceStatus

The status of the resource regarding a single assessment.

SecurityAssessmentSeverity

The sub-assessment severity level.

SecurityAssessmentStatusCode

Programmatic code for the status of the assessment.

SecurityAssessmentTactic

Tactic of the assessment.

SecurityAssessmentTechnique

Techniques of the assessment.

SecurityAssessmentType

BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition.

SecurityAssessmentUserImpact

The user impact of the assessment.

SecurityCenterCloudName

The multi cloud resource's cloud name.

SecurityCenterCloudPermission

A permission detected in the cloud account.

SecurityCenterConfigurationStatus

The configuration status of the machines group or machine or rule.

SecurityCenterConnectionType

The SecurityCenterConnectionType.

SecurityCenterPricingTier

The pricing tier value. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.

SecurityCenterVmEnforcementSupportState

The machine supportability of Enforce feature.

SecurityControlType

The type of security control (for example, BuiltIn).

SecurityEventSource

A valid event source type.

SecurityFamily

The security family of the discovered solution.

SecurityFamilyProvisioningState

The security family provisioning State.

SecurityScoreODataExpand

The SecurityScoreODataExpand.

SecuritySettingName

The SecuritySettingName.

SecuritySolutionStatus

Status of the IoT Security solution.

SecurityThreat

Threats impact of the assessment.

SecurityTrafficDirection

The rule's direction.

SecurityTransportProtocol

The SecurityTransportProtocol.

SecurityValueType

The value type of the items in the list.

ServerVulnerabilityAssessmentPropertiesProvisioningState

The provisioningState of the vulnerability assessment capability on the VM.

ServerVulnerabilityAssessmentsAzureSettingSelectedProvider

The selected vulnerability assessments provider on Azure servers in the defined scope.

ServerVulnerabilityAssessmentsSettingKindName

The ServerVulnerabilityAssessmentsSettingKindName.

SqlVulnerabilityAssessmentScanResultRuleStatus

The rule result status.

SqlVulnerabilityAssessmentScanState

The scan status.

SqlVulnerabilityAssessmentScanTriggerType

The scan trigger type.

SubAssessmentStatusCode

Programmatic code for the status of the assessment.

UnmaskedIPLoggingStatus

Unmasked IP address logging status.

VulnerabilityAssessmentAutoProvisioningType

The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'.

VulnerabilityAssessmentRuleType

The rule type.

Enums

SecurityAlertsSuppressionRuleState

Possible states of the rule.

SensitivityLabelRank

The rank of the sensitivity label.