Skapar eller uppdaterar en styrningsregel över ett visst omfång
PUT https://management.azure.com/{scope}/providers/Microsoft.Security/governanceRules/{ruleId}?api-version=2022-01-01-preview
URI-parametrar
| Name |
I |
Obligatorisk |
Typ |
Description |
|
ruleId
|
path |
True
|
string
|
Styrningsregelnyckeln – unik nyckel för standardstyrningsregeln (GUID)
|
|
scope
|
path |
True
|
string
|
Omfånget för styrningsreglerna. Giltiga omfång är: hanteringsgrupp (format: "providers/Microsoft.Management/managementGroups/{managementGroup}", prenumeration (format: "subscriptions/{subscriptionId}") eller säkerhetsanslutningsprogram (format: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})"
|
|
api-version
|
query |
True
|
string
|
API-version för åtgärden
|
Begärandetext
| Name |
Obligatorisk |
Typ |
Description |
|
properties.conditionSets
|
True
|
Condition[]
|
StyrningsregelvillkorUppsättningar – se exempel
|
|
properties.displayName
|
True
|
string
|
Visningsnamn för styrningsregeln
|
|
properties.ownerSource
|
True
|
GovernanceRuleOwnerSource
|
Ägarkällan för styrningsregeln – t.ex. manuellt av user@contoso.com – se exempel
|
|
properties.rulePriority
|
True
|
integer
|
Styrningsregelns prioritet, prioritet till det lägre talet. Regler med samma prioritet för samma omfång tillåts inte
|
|
properties.ruleType
|
True
|
GovernanceRuleType
|
Regeltypen för styrningsregeln definierar källan till regeln, t.ex. integrerad
|
|
properties.sourceResourceType
|
True
|
GovernanceRuleSourceResourceType
|
Styrningsregelkällan, vad regeln påverkar, t.ex. utvärderingar
|
|
properties.description
|
|
string
|
Beskrivning av styrningsregeln
|
|
properties.excludedScopes
|
|
string[]
|
Exkluderade omfång filtrerar du bort underordnade till omfånget (på hanteringsomfång)
|
|
properties.governanceEmailNotification
|
|
GovernanceRuleEmailNotification
|
Inställningarna för e-postaviseringar för styrningsregeln anger om meddelanden för hanteraren och ägare ska inaktiveras
|
|
properties.includeMemberScopes
|
|
boolean
|
Definierar om regeln är hanteringsomfångsregel (huvudanslutning som ett enda omfång eller hanteringsomfång)
|
|
properties.isDisabled
|
|
boolean
|
Definierar om regeln är aktiv/inaktiv
|
|
properties.isGracePeriod
|
|
boolean
|
Definierar om det finns en respitperiod för styrningsregeln
|
|
properties.metadata
|
|
GovernanceRuleMetadata
|
Metadata för styrningsregeln
|
|
properties.remediationTimeframe
|
|
string
|
Tidsram för reparation av styrningsregel – det här är den tid som påverkar respitperiodens varaktighet, t.ex. 7.00:00:00 – innebär 7 dagar
|
Svar
Säkerhet
azure_auth
Azure Active Directory OAuth2 Flow
Typ:
oauth2
Flow:
implicit
Auktoriseringswebbadress:
https://login.microsoftonline.com/common/oauth2/authorize
Omfattningar
| Name |
Description |
|
user_impersonation
|
personifiera ditt användarkonto
|
Exempel
Create or update governance rule over management group scope
Exempelbegäran
PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview
{
"properties": {
"displayName": "Management group rule",
"description": "A rule for a management group",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
]
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.security.models.GovernanceRuleEmailNotification;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSource;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleSourceResourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleType;
import java.io.IOException;
import java.util.Arrays;
/**
* Samples for GovernanceRules CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* PutManagementGroupGovernanceRule_example.json
*/
/**
* Sample code: Create or update governance rule over management group scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateGovernanceRuleOverManagementGroupScope(
com.azure.resourcemanager.security.SecurityManager manager) throws IOException {
manager.governanceRules().define("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
.withExistingScope("providers/Microsoft.Management/managementGroups/contoso")
.withDisplayName("Management group rule").withDescription("A rule for a management group")
.withRemediationTimeframe("7.00:00:00").withIsGracePeriod(true).withRulePriority(200).withIsDisabled(false)
.withRuleType(GovernanceRuleType.INTEGRATED)
.withSourceResourceType(GovernanceRuleSourceResourceType.ASSESSMENTS)
.withExcludedScopes(Arrays.asList("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"))
.withConditionSets(Arrays.asList(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
"{\"conditions\":[{\"operator\":\"In\",\"property\":\"$.AssessmentKey\",\"value\":\"[\\\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\\\", \\\"fe83f80b-073d-4ccf-93d9-6797eb870201\\\"]\"}]}",
Object.class, SerializerEncoding.JSON)))
.withOwnerSource(new GovernanceRuleOwnerSource().withType(GovernanceRuleOwnerSourceType.MANUALLY)
.withValue("user@contoso.com"))
.withGovernanceEmailNotification(new GovernanceRuleEmailNotification()
.withDisableManagerEmailNotification(true).withDisableOwnerEmailNotification(false))
.create();
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json
func ExampleGovernanceRulesClient_CreateOrUpdate_createOrUpdateGovernanceRuleOverManagementGroupScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewGovernanceRulesClient().CreateOrUpdate(ctx, "providers/Microsoft.Management/managementGroups/contoso", "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", armsecurity.GovernanceRule{
Properties: &armsecurity.GovernanceRuleProperties{
Description: to.Ptr("A rule for a management group"),
ConditionSets: []any{
map[string]any{
"conditions": []any{
map[string]any{
"operator": "In",
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
},
},
}},
DisplayName: to.Ptr("Management group rule"),
ExcludedScopes: []*string{
to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")},
GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
DisableManagerEmailNotification: to.Ptr(true),
DisableOwnerEmailNotification: to.Ptr(false),
},
IsDisabled: to.Ptr(false),
IsGracePeriod: to.Ptr(true),
OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
Value: to.Ptr("user@contoso.com"),
},
RemediationTimeframe: to.Ptr("7.00:00:00"),
RulePriority: to.Ptr[int32](200),
RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.GovernanceRule = armsecurity.GovernanceRule{
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule for a management group"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("Management group rule"),
// ExcludedScopes: []*string{
// to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")},
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(true),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates a governance rule over a given scope
*
* @summary Creates or updates a governance rule over a given scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json
*/
async function createOrUpdateGovernanceRuleOverManagementGroupScope() {
const scope = "providers/Microsoft.Management/managementGroups/contoso";
const ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
const governanceRule = {
description: "A rule for a management group",
conditionSets: [
{
conditions: [
{
operator: "In",
property: "$.AssessmentKey",
value:
'["b1cd27e0-4ecc-4246-939f-49c426d9d72f", "fe83f80b-073d-4ccf-93d9-6797eb870201"]',
},
],
},
],
displayName: "Management group rule",
excludedScopes: ["/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"],
governanceEmailNotification: {
disableManagerEmailNotification: true,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: { type: "Manually", value: "user@contoso.com" },
remediationTimeframe: "7.00:00:00",
rulePriority: 200,
ruleType: "Integrated",
sourceResourceType: "Assessments",
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.governanceRules.createOrUpdate(scope, ruleId, governanceRule);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json
// this example is just showing the usage of "GovernanceRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this GovernanceRuleResource created on azure
// for more information of creating GovernanceRuleResource, please refer to the document of GovernanceRuleResource
string scope = "providers/Microsoft.Management/managementGroups/contoso";
string ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
ResourceIdentifier governanceRuleResourceId = GovernanceRuleResource.CreateResourceIdentifier(scope, ruleId);
GovernanceRuleResource governanceRule = client.GetGovernanceRuleResource(governanceRuleResourceId);
// invoke the operation
GovernanceRuleData data = new GovernanceRuleData()
{
DisplayName = "Management group rule",
Description = "A rule for a management group",
RemediationTimeframe = "7.00:00:00",
IsGracePeriod = true,
RulePriority = 200,
IsDisabled = false,
RuleType = GovernanceRuleType.Integrated,
SourceResourceType = GovernanceRuleSourceResourceType.Assessments,
ExcludedScopes =
{
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
ConditionSets =
{
BinaryData.FromObjectAsJson(new Dictionary<string, object>()
{
["conditions"] = new object[] { new Dictionary<string, object>()
{
["operator"] = "In",
["property"] = "$.AssessmentKey",
["value"] = "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]"} }})
},
OwnerSource = new GovernanceRuleOwnerSource()
{
SourceType = GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
GovernanceEmailNotification = new GovernanceRuleEmailNotification()
{
IsManagerEmailNotificationDisabled = true,
IsOwnerEmailNotificationDisabled = false,
},
};
ArmOperation<GovernanceRuleResource> lro = await governanceRule.UpdateAsync(WaitUntil.Completed, data);
GovernanceRuleResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Exempelsvar
{
"id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Management group rule",
"description": "A rule for a management group",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
{
"id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Management group rule",
"description": "A rule for a management group",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
Create or update governance rule over security connector scope
Exempelbegäran
PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview
{
"properties": {
"displayName": "GCP Admin's rule",
"description": "A rule on critical GCP recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
}
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.security.models.GovernanceRuleEmailNotification;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSource;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleSourceResourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleType;
import java.io.IOException;
import java.util.Arrays;
/**
* Samples for GovernanceRules CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* PutSecurityConnectorGovernanceRule_example.json
*/
/**
* Sample code: Create or update governance rule over security connector scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateGovernanceRuleOverSecurityConnectorScope(
com.azure.resourcemanager.security.SecurityManager manager) throws IOException {
manager.governanceRules().define("ad9a8e26-29d9-4829-bb30-e597a58cdbb8").withExistingScope(
"subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector")
.withDisplayName("GCP Admin's rule").withDescription("A rule on critical GCP recommendations")
.withRemediationTimeframe("7.00:00:00").withIsGracePeriod(true).withRulePriority(200).withIsDisabled(false)
.withRuleType(GovernanceRuleType.INTEGRATED)
.withSourceResourceType(GovernanceRuleSourceResourceType.ASSESSMENTS)
.withConditionSets(Arrays.asList(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
"{\"conditions\":[{\"operator\":\"In\",\"property\":\"$.AssessmentKey\",\"value\":\"[\\\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\\\", \\\"fe83f80b-073d-4ccf-93d9-6797eb870201\\\"]\"}]}",
Object.class, SerializerEncoding.JSON)))
.withOwnerSource(new GovernanceRuleOwnerSource().withType(GovernanceRuleOwnerSourceType.MANUALLY)
.withValue("user@contoso.com"))
.withGovernanceEmailNotification(new GovernanceRuleEmailNotification()
.withDisableManagerEmailNotification(true).withDisableOwnerEmailNotification(false))
.create();
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutSecurityConnectorGovernanceRule_example.json
func ExampleGovernanceRulesClient_CreateOrUpdate_createOrUpdateGovernanceRuleOverSecurityConnectorScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewGovernanceRulesClient().CreateOrUpdate(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector", "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", armsecurity.GovernanceRule{
Properties: &armsecurity.GovernanceRuleProperties{
Description: to.Ptr("A rule on critical GCP recommendations"),
ConditionSets: []any{
map[string]any{
"conditions": []any{
map[string]any{
"operator": "In",
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
},
},
}},
DisplayName: to.Ptr("GCP Admin's rule"),
GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
DisableManagerEmailNotification: to.Ptr(true),
DisableOwnerEmailNotification: to.Ptr(false),
},
IsDisabled: to.Ptr(false),
IsGracePeriod: to.Ptr(true),
OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
Value: to.Ptr("user@contoso.com"),
},
RemediationTimeframe: to.Ptr("7.00:00:00"),
RulePriority: to.Ptr[int32](200),
RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.GovernanceRule = armsecurity.GovernanceRule{
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule on critical GCP recommendations"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("GCP Admin's rule"),
// ExcludedScopes: []*string{
// },
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(true),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates a governance rule over a given scope
*
* @summary Creates or updates a governance rule over a given scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutSecurityConnectorGovernanceRule_example.json
*/
async function createOrUpdateGovernanceRuleOverSecurityConnectorScope() {
const scope =
"subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector";
const ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
const governanceRule = {
description: "A rule on critical GCP recommendations",
conditionSets: [
{
conditions: [
{
operator: "In",
property: "$.AssessmentKey",
value:
'["b1cd27e0-4ecc-4246-939f-49c426d9d72f", "fe83f80b-073d-4ccf-93d9-6797eb870201"]',
},
],
},
],
displayName: "GCP Admin's rule",
governanceEmailNotification: {
disableManagerEmailNotification: true,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: { type: "Manually", value: "user@contoso.com" },
remediationTimeframe: "7.00:00:00",
rulePriority: 200,
ruleType: "Integrated",
sourceResourceType: "Assessments",
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.governanceRules.createOrUpdate(scope, ruleId, governanceRule);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutSecurityConnectorGovernanceRule_example.json
// this example is just showing the usage of "GovernanceRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this GovernanceRuleResource created on azure
// for more information of creating GovernanceRuleResource, please refer to the document of GovernanceRuleResource
string scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector";
string ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
ResourceIdentifier governanceRuleResourceId = GovernanceRuleResource.CreateResourceIdentifier(scope, ruleId);
GovernanceRuleResource governanceRule = client.GetGovernanceRuleResource(governanceRuleResourceId);
// invoke the operation
GovernanceRuleData data = new GovernanceRuleData()
{
DisplayName = "GCP Admin's rule",
Description = "A rule on critical GCP recommendations",
RemediationTimeframe = "7.00:00:00",
IsGracePeriod = true,
RulePriority = 200,
IsDisabled = false,
RuleType = GovernanceRuleType.Integrated,
SourceResourceType = GovernanceRuleSourceResourceType.Assessments,
ConditionSets =
{
BinaryData.FromObjectAsJson(new Dictionary<string, object>()
{
["conditions"] = new object[] { new Dictionary<string, object>()
{
["operator"] = "In",
["property"] = "$.AssessmentKey",
["value"] = "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]"} }})
},
OwnerSource = new GovernanceRuleOwnerSource()
{
SourceType = GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
GovernanceEmailNotification = new GovernanceRuleEmailNotification()
{
IsManagerEmailNotificationDisabled = true,
IsOwnerEmailNotificationDisabled = false,
},
};
ArmOperation<GovernanceRuleResource> lro = await governanceRule.UpdateAsync(WaitUntil.Completed, data);
GovernanceRuleResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Exempelsvar
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "GCP Admin's rule",
"description": "A rule on critical GCP recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"displayName": "GCP Admin's rule",
"description": "A rule on critical GCP recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
Create or update governance rule over subscription scope
Exempelbegäran
PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview
{
"properties": {
"displayName": "Admin's rule",
"description": "A rule for critical recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
}
}
}
import com.azure.core.management.serializer.SerializerFactory;
import com.azure.core.util.serializer.SerializerEncoding;
import com.azure.resourcemanager.security.models.GovernanceRuleEmailNotification;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSource;
import com.azure.resourcemanager.security.models.GovernanceRuleOwnerSourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleSourceResourceType;
import com.azure.resourcemanager.security.models.GovernanceRuleType;
import java.io.IOException;
import java.util.Arrays;
/**
* Samples for GovernanceRules CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* PutGovernanceRule_example.json
*/
/**
* Sample code: Create or update governance rule over subscription scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void createOrUpdateGovernanceRuleOverSubscriptionScope(
com.azure.resourcemanager.security.SecurityManager manager) throws IOException {
manager.governanceRules().define("ad9a8e26-29d9-4829-bb30-e597a58cdbb8")
.withExistingScope("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23").withDisplayName("Admin's rule")
.withDescription("A rule for critical recommendations").withRemediationTimeframe("7.00:00:00")
.withIsGracePeriod(true).withRulePriority(200).withIsDisabled(false)
.withRuleType(GovernanceRuleType.INTEGRATED)
.withSourceResourceType(GovernanceRuleSourceResourceType.ASSESSMENTS)
.withConditionSets(Arrays.asList(SerializerFactory.createDefaultManagementSerializerAdapter().deserialize(
"{\"conditions\":[{\"operator\":\"In\",\"property\":\"$.AssessmentKey\",\"value\":\"[\\\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\\\", \\\"fe83f80b-073d-4ccf-93d9-6797eb870201\\\"]\"}]}",
Object.class, SerializerEncoding.JSON)))
.withOwnerSource(new GovernanceRuleOwnerSource().withType(GovernanceRuleOwnerSourceType.MANUALLY)
.withValue("user@contoso.com"))
.withGovernanceEmailNotification(new GovernanceRuleEmailNotification()
.withDisableManagerEmailNotification(false).withDisableOwnerEmailNotification(false))
.create();
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutGovernanceRule_example.json
func ExampleGovernanceRulesClient_CreateOrUpdate_createOrUpdateGovernanceRuleOverSubscriptionScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewGovernanceRulesClient().CreateOrUpdate(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", armsecurity.GovernanceRule{
Properties: &armsecurity.GovernanceRuleProperties{
Description: to.Ptr("A rule for critical recommendations"),
ConditionSets: []any{
map[string]any{
"conditions": []any{
map[string]any{
"operator": "In",
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
},
},
}},
DisplayName: to.Ptr("Admin's rule"),
GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
DisableManagerEmailNotification: to.Ptr(false),
DisableOwnerEmailNotification: to.Ptr(false),
},
IsDisabled: to.Ptr(false),
IsGracePeriod: to.Ptr(true),
OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
Value: to.Ptr("user@contoso.com"),
},
RemediationTimeframe: to.Ptr("7.00:00:00"),
RulePriority: to.Ptr[int32](200),
RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.GovernanceRule = armsecurity.GovernanceRule{
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule for critical recommendations"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("Admin's rule"),
// ExcludedScopes: []*string{
// },
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(false),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates a governance rule over a given scope
*
* @summary Creates or updates a governance rule over a given scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutGovernanceRule_example.json
*/
async function createOrUpdateGovernanceRuleOverSubscriptionScope() {
const scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
const governanceRule = {
description: "A rule for critical recommendations",
conditionSets: [
{
conditions: [
{
operator: "In",
property: "$.AssessmentKey",
value:
'["b1cd27e0-4ecc-4246-939f-49c426d9d72f", "fe83f80b-073d-4ccf-93d9-6797eb870201"]',
},
],
},
],
displayName: "Admin's rule",
governanceEmailNotification: {
disableManagerEmailNotification: false,
disableOwnerEmailNotification: false,
},
isDisabled: false,
isGracePeriod: true,
ownerSource: { type: "Manually", value: "user@contoso.com" },
remediationTimeframe: "7.00:00:00",
rulePriority: 200,
ruleType: "Integrated",
sourceResourceType: "Assessments",
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.governanceRules.createOrUpdate(scope, ruleId, governanceRule);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutGovernanceRule_example.json
// this example is just showing the usage of "GovernanceRules_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this GovernanceRuleResource created on azure
// for more information of creating GovernanceRuleResource, please refer to the document of GovernanceRuleResource
string scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string ruleId = "ad9a8e26-29d9-4829-bb30-e597a58cdbb8";
ResourceIdentifier governanceRuleResourceId = GovernanceRuleResource.CreateResourceIdentifier(scope, ruleId);
GovernanceRuleResource governanceRule = client.GetGovernanceRuleResource(governanceRuleResourceId);
// invoke the operation
GovernanceRuleData data = new GovernanceRuleData()
{
DisplayName = "Admin's rule",
Description = "A rule for critical recommendations",
RemediationTimeframe = "7.00:00:00",
IsGracePeriod = true,
RulePriority = 200,
IsDisabled = false,
RuleType = GovernanceRuleType.Integrated,
SourceResourceType = GovernanceRuleSourceResourceType.Assessments,
ConditionSets =
{
BinaryData.FromObjectAsJson(new Dictionary<string, object>()
{
["conditions"] = new object[] { new Dictionary<string, object>()
{
["operator"] = "In",
["property"] = "$.AssessmentKey",
["value"] = "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]"} }})
},
OwnerSource = new GovernanceRuleOwnerSource()
{
SourceType = GovernanceRuleOwnerSourceType.Manually,
Value = "user@contoso.com",
},
GovernanceEmailNotification = new GovernanceRuleEmailNotification()
{
IsManagerEmailNotificationDisabled = false,
IsOwnerEmailNotificationDisabled = false,
},
};
ArmOperation<GovernanceRuleResource> lro = await governanceRule.UpdateAsync(WaitUntil.Completed, data);
GovernanceRuleResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Exempelsvar
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Admin's rule",
"description": "A rule for critical recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Admin's rule",
"description": "A rule for critical recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
Definitioner
CloudError
Vanligt felsvar för alla Azure Resource Manager-API:er för att returnera felinformation för misslyckade åtgärder. (Detta följer även formatet för OData-felsvar.).
| Name |
Typ |
Description |
|
error.additionalInfo
|
ErrorAdditionalInfo[]
|
Ytterligare information om felet.
|
|
error.code
|
string
|
Felkoden.
|
|
error.details
|
CloudErrorBody[]
|
Felinformationen.
|
|
error.message
|
string
|
Felmeddelandet.
|
|
error.target
|
string
|
Felmålet.
|
CloudErrorBody
Felinformationen.
| Name |
Typ |
Description |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
Ytterligare information om felet.
|
|
code
|
string
|
Felkoden.
|
|
details
|
CloudErrorBody[]
|
Felinformationen.
|
|
message
|
string
|
Felmeddelandet.
|
|
target
|
string
|
Felmålet.
|
Condition
Styrningsregelns villkor
| Name |
Typ |
Description |
|
operator
|
GovernanceRuleConditionOperator
|
Styrningsregelns villkorsoperator, till exempel Lika med för allvarlighetsgrad eller I för lista över utvärderingar, se exempel
|
|
property
|
string
|
Styrningsregelns egenskap, t.ex. Allvarlighetsgrad eller AssessmentKey, se exempel
|
|
value
|
string
|
Styrningsregelns Värde som allvarlighetsgrad Låg, Hög eller utvärderingsnycklar, se exempel
|
ErrorAdditionalInfo
Ytterligare information om resurshanteringsfelet.
| Name |
Typ |
Description |
|
info
|
object
|
Ytterligare information.
|
|
type
|
string
|
Ytterligare informationstyp.
|
GovernanceRule
Styrningsregel över ett visst omfång
| Name |
Typ |
Description |
|
id
|
string
|
Resurs-ID
|
|
name
|
string
|
Resursnamn
|
|
properties.conditionSets
|
Condition[]
|
StyrningsregelvillkorUppsättningar – se exempel
|
|
properties.description
|
string
|
Beskrivning av styrningsregeln
|
|
properties.displayName
|
string
|
Visningsnamn för styrningsregeln
|
|
properties.excludedScopes
|
string[]
|
Exkluderade omfång filtrerar du bort underordnade till omfånget (på hanteringsomfång)
|
|
properties.governanceEmailNotification
|
GovernanceRuleEmailNotification
|
Inställningarna för e-postaviseringar för styrningsregeln anger om meddelanden för hanteraren och ägare ska inaktiveras
|
|
properties.includeMemberScopes
|
boolean
|
Definierar om regeln är hanteringsomfångsregel (huvudanslutning som ett enda omfång eller hanteringsomfång)
|
|
properties.isDisabled
|
boolean
|
Definierar om regeln är aktiv/inaktiv
|
|
properties.isGracePeriod
|
boolean
|
Definierar om det finns en respitperiod för styrningsregeln
|
|
properties.metadata
|
GovernanceRuleMetadata
|
Metadata för styrningsregeln
|
|
properties.ownerSource
|
GovernanceRuleOwnerSource
|
Ägarkällan för styrningsregeln – t.ex. manuellt av user@contoso.com – se exempel
|
|
properties.remediationTimeframe
|
string
|
Tidsram för reparation av styrningsregel – det här är den tid som påverkar respitperiodens varaktighet, t.ex. 7.00:00:00 – innebär 7 dagar
|
|
properties.rulePriority
|
integer
|
Styrningsregelns prioritet, prioritet till det lägre talet. Regler med samma prioritet för samma omfång tillåts inte
|
|
properties.ruleType
|
GovernanceRuleType
|
Regeltypen för styrningsregeln definierar källan till regeln, t.ex. integrerad
|
|
properties.sourceResourceType
|
GovernanceRuleSourceResourceType
|
Styrningsregelkällan, vad regeln påverkar, t.ex. utvärderingar
|
|
properties.tenantId
|
string
|
TenantId (GUID)
|
|
type
|
string
|
Resurstyp
|
GovernanceRuleConditionOperator
Styrningsregelns villkorsoperator, till exempel Lika med för allvarlighetsgrad eller I för lista över utvärderingar, se exempel
| Name |
Typ |
Description |
|
Equals
|
string
|
Kontrollerar att strängvärdet för data som definierats i Egenskapen är lika med det angivna värdet – exakt passform
|
|
In
|
string
|
Kontrollerar att strängvärdet för data som definierats i Egenskapen är lika med något av de angivna värdena (exakt passform)
|
GovernanceRuleEmailNotification
Konfiguration av e-post för styrning varje vecka
| Name |
Typ |
Description |
|
disableManagerEmailNotification
|
boolean
|
Definierar om e-postaviseringar för chef är inaktiverade
|
|
disableOwnerEmailNotification
|
boolean
|
Definierar om ägarens e-postaviseringar är inaktiverade
|
Metadata för styrningsregeln
| Name |
Typ |
Description |
|
createdBy
|
string
|
Styrningsregel skapad av objekt-ID (GUID)
|
|
createdOn
|
string
|
Skapandedatum för styrningsregel
|
|
updatedBy
|
string
|
Styrningsregeln uppdaterades senast av objekt-ID (GUID)
|
|
updatedOn
|
string
|
Styrningsregel senaste uppdateringsdatum
|
GovernanceRuleOwnerSource
Beskriv ägarkällan för styrningsregeln
| Name |
Typ |
Description |
|
type
|
GovernanceRuleOwnerSourceType
|
Ägartyp för ägarkällan för styrningsregeln
|
|
value
|
string
|
Källvärdet, t.ex. taggnyckel som ägarens namn eller e-postadress
|
GovernanceRuleOwnerSourceType
Ägartyp för ägarkällan för styrningsregeln
| Name |
Typ |
Description |
|
ByTag
|
string
|
Regelkällans typ som definierats med hjälp av resurstaggen
|
|
Manually
|
string
|
Regelkällans typ definieras manuellt
|
GovernanceRuleSourceResourceType
Styrningsregelkällan, vad regeln påverkar, t.ex. utvärderingar
| Name |
Typ |
Description |
|
Assessments
|
string
|
Källan till styrningsregeln är utvärderingar
|
GovernanceRuleType
Regeltypen för styrningsregeln definierar källan till regeln, t.ex. integrerad
| Name |
Typ |
Description |
|
Integrated
|
string
|
Källan till regeltypdefinitionen är integrerad
|
|
ServiceNow
|
string
|
Källan till regeltypdefinitionen är ServiceNow
|