Hämta en lista över alla relevanta styrningsregler över ett omfång
GET https://management.azure.com/{scope}/providers/Microsoft.Security/governanceRules?api-version=2022-01-01-preview
URI-parametrar
| Name |
I |
Obligatorisk |
Typ |
Description |
|
scope
|
path |
True
|
string
|
Omfånget för styrningsreglerna. Giltiga omfång är: hanteringsgrupp (format: "providers/Microsoft.Management/managementGroups/{managementGroup}", prenumeration (format: "subscriptions/{subscriptionId}") eller säkerhetsanslutningsprogram (format: "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})"
|
|
api-version
|
query |
True
|
string
|
API-version för åtgärden
|
Svar
Säkerhet
azure_auth
Azure Active Directory OAuth2 Flow
Typ:
oauth2
Flow:
implicit
Auktoriseringswebbadress:
https://login.microsoftonline.com/common/oauth2/authorize
Omfattningar
| Name |
Description |
|
user_impersonation
|
personifiera ditt användarkonto
|
Exempel
List governance rules by management group scope
Exempelbegäran
GET https://management.azure.com/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules?api-version=2022-01-01-preview
/**
* Samples for GovernanceRules List.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* ListByManagementGroupGovernanceRules_example.json
*/
/**
* Sample code: List governance rules by management group scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void
listGovernanceRulesByManagementGroupScope(com.azure.resourcemanager.security.SecurityManager manager) {
manager.governanceRules().list("providers/Microsoft.Management/managementGroups/contoso",
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListByManagementGroupGovernanceRules_example.json
func ExampleGovernanceRulesClient_NewListPager_listGovernanceRulesByManagementGroupScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewGovernanceRulesClient().NewListPager("providers/Microsoft.Management/managementGroups/contoso", nil)
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
}
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
}
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page.GovernanceRuleList = armsecurity.GovernanceRuleList{
// Value: []*armsecurity.GovernanceRule{
// {
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule for a management group"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("Management group rule"),
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(false),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](100),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// },
// {
// Name: to.Ptr("4106f43c-6d82-4fc8-a92c-dcfe50799d1d"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/4106f43c-6d82-4fc8-a92c-dcfe50799d1d"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule for a management group"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "Equals",
// "property": "$.Metadata.Severity",
// "value": "Low",
// },
// },
// }},
// DisplayName: to.Ptr("Management group rule 2"),
// ExcludedScopes: []*string{
// to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")},
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(false),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }},
// }
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Get a list of all relevant governance rules over a scope
*
* @summary Get a list of all relevant governance rules over a scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListByManagementGroupGovernanceRules_example.json
*/
async function listGovernanceRulesByManagementGroupScope() {
const scope = "providers/Microsoft.Management/managementGroups/contoso";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const resArray = new Array();
for await (let item of client.governanceRules.list(scope)) {
resArray.push(item);
}
console.log(resArray);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityCenter.Models;
using Azure.ResourceManager.SecurityCenter;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListByManagementGroupGovernanceRules_example.json
// this example is just showing the usage of "GovernanceRules_List" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// get the collection of this GovernanceRuleResource
string scope = "providers/Microsoft.Management/managementGroups/contoso";
GovernanceRuleCollection collection = client.GetGovernanceRules(new ResourceIdentifier(scope));
// invoke the operation and iterate over the result
await foreach (GovernanceRuleResource item in collection.GetAllAsync())
{
// the variable item is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = item.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}
Console.WriteLine("Succeeded");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Exempelsvar
{
"value": [
{
"id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Management group rule",
"description": "A rule for a management group",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 100,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
},
{
"id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/4106f43c-6d82-4fc8-a92c-dcfe50799d1d",
"name": "4106f43c-6d82-4fc8-a92c-dcfe50799d1d",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Management group rule 2",
"description": "A rule for a management group",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.Metadata.Severity",
"value": "Low",
"operator": "Equals"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"excludedScopes": [
"/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
]
}
List governance rules by security connector scope
Exempelbegäran
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules?api-version=2022-01-01-preview
/**
* Samples for GovernanceRules List.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* ListBySecurityConnectorGovernanceRules_example.json
*/
/**
* Sample code: List governance rules by security connector scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void
listGovernanceRulesBySecurityConnectorScope(com.azure.resourcemanager.security.SecurityManager manager) {
manager.governanceRules().list(
"subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector",
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySecurityConnectorGovernanceRules_example.json
func ExampleGovernanceRulesClient_NewListPager_listGovernanceRulesBySecurityConnectorScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewGovernanceRulesClient().NewListPager("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector", nil)
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
}
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
}
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page.GovernanceRuleList = armsecurity.GovernanceRuleList{
// Value: []*armsecurity.GovernanceRule{
// {
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule on critical GCP recommendations"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("Admin's GCP rule"),
// ExcludedScopes: []*string{
// },
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(false),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](100),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// },
// {
// Name: to.Ptr("4106f43c-6d82-4fc8-a92c-dcfe50799d1d"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/4106f43c-6d82-4fc8-a92c-dcfe50799d1d"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule on critical GCP recommendations"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "Equals",
// "property": "$.Metadata.Severity",
// "value": "Low",
// },
// },
// }},
// DisplayName: to.Ptr("GCP Admin's rule"),
// ExcludedScopes: []*string{
// },
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(false),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }},
// }
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Get a list of all relevant governance rules over a scope
*
* @summary Get a list of all relevant governance rules over a scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySecurityConnectorGovernanceRules_example.json
*/
async function listGovernanceRulesBySecurityConnectorScope() {
const scope =
"subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const resArray = new Array();
for await (let item of client.governanceRules.list(scope)) {
resArray.push(item);
}
console.log(resArray);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityCenter.Models;
using Azure.ResourceManager.SecurityCenter;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySecurityConnectorGovernanceRules_example.json
// this example is just showing the usage of "GovernanceRules_List" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// get the collection of this GovernanceRuleResource
string scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector";
GovernanceRuleCollection collection = client.GetGovernanceRules(new ResourceIdentifier(scope));
// invoke the operation and iterate over the result
await foreach (GovernanceRuleResource item in collection.GetAllAsync())
{
// the variable item is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = item.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}
Console.WriteLine("Succeeded");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Exempelsvar
{
"value": [
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Admin's GCP rule",
"description": "A rule on critical GCP recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 100,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
},
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/4106f43c-6d82-4fc8-a92c-dcfe50799d1d",
"name": "4106f43c-6d82-4fc8-a92c-dcfe50799d1d",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "GCP Admin's rule",
"description": "A rule on critical GCP recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.Metadata.Severity",
"value": "Low",
"operator": "Equals"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
]
}
List governance rules by subscription scope
Exempelbegäran
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules?api-version=2022-01-01-preview
/**
* Samples for GovernanceRules List.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/
* ListBySubscriptionGovernanceRules_example.json
*/
/**
* Sample code: List governance rules by subscription scope.
*
* @param manager Entry point to SecurityManager.
*/
public static void
listGovernanceRulesBySubscriptionScope(com.azure.resourcemanager.security.SecurityManager manager) {
manager.governanceRules().list("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySubscriptionGovernanceRules_example.json
func ExampleGovernanceRulesClient_NewListPager_listGovernanceRulesBySubscriptionScope() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewGovernanceRulesClient().NewListPager("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", nil)
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
}
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
}
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page.GovernanceRuleList = armsecurity.GovernanceRuleList{
// Value: []*armsecurity.GovernanceRule{
// {
// Name: to.Ptr("ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule for critical recommendations"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "In",
// "property": "$.AssessmentKey",
// "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
// },
// },
// }},
// DisplayName: to.Ptr("Admin's rule"),
// ExcludedScopes: []*string{
// },
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(false),
// DisableOwnerEmailNotification: to.Ptr(false),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](100),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// },
// {
// Name: to.Ptr("4106f43c-6d82-4fc8-a92c-dcfe50799d1d"),
// Type: to.Ptr("Microsoft.Security/governanceRules"),
// ID: to.Ptr("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/4106f43c-6d82-4fc8-a92c-dcfe50799d1d"),
// Properties: &armsecurity.GovernanceRuleProperties{
// Description: to.Ptr("A rule for critical recommendations"),
// ConditionSets: []any{
// map[string]any{
// "conditions":[]any{
// map[string]any{
// "operator": "Equals",
// "property": "$.Metadata.Severity",
// "value": "Low",
// },
// },
// }},
// DisplayName: to.Ptr("Admin's rule"),
// ExcludedScopes: []*string{
// },
// GovernanceEmailNotification: &armsecurity.GovernanceRuleEmailNotification{
// DisableManagerEmailNotification: to.Ptr(true),
// DisableOwnerEmailNotification: to.Ptr(true),
// },
// IncludeMemberScopes: to.Ptr(false),
// IsDisabled: to.Ptr(false),
// IsGracePeriod: to.Ptr(true),
// Metadata: &armsecurity.GovernanceRuleMetadata{
// CreatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// CreatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// UpdatedBy: to.Ptr("c23b5354-ff0a-4b2a-9f92-6f144effd936"),
// UpdatedOn: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-10T08:31:26.799Z"); return t}()),
// },
// OwnerSource: &armsecurity.GovernanceRuleOwnerSource{
// Type: to.Ptr(armsecurity.GovernanceRuleOwnerSourceTypeManually),
// Value: to.Ptr("user@contoso.com"),
// },
// RemediationTimeframe: to.Ptr("7.00:00:00"),
// RulePriority: to.Ptr[int32](200),
// RuleType: to.Ptr(armsecurity.GovernanceRuleTypeIntegrated),
// SourceResourceType: to.Ptr(armsecurity.GovernanceRuleSourceResourceTypeAssessments),
// TenantID: to.Ptr("f0b6d37b-e4bc-4719-9291-c066c3194f23"),
// },
// }},
// }
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Get a list of all relevant governance rules over a scope
*
* @summary Get a list of all relevant governance rules over a scope
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySubscriptionGovernanceRules_example.json
*/
async function listGovernanceRulesBySubscriptionScope() {
const scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const resArray = new Array();
for await (let item of client.governanceRules.list(scope)) {
resArray.push(item);
}
console.log(resArray);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.SecurityCenter.Models;
using Azure.ResourceManager.SecurityCenter;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySubscriptionGovernanceRules_example.json
// this example is just showing the usage of "GovernanceRules_List" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// get the collection of this GovernanceRuleResource
string scope = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
GovernanceRuleCollection collection = client.GetGovernanceRules(new ResourceIdentifier(scope));
// invoke the operation and iterate over the result
await foreach (GovernanceRuleResource item in collection.GetAllAsync())
{
// the variable item is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
GovernanceRuleData resourceData = item.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}
Console.WriteLine("Succeeded");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Exempelsvar
{
"value": [
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Admin's rule",
"description": "A rule for critical recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 100,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.AssessmentKey",
"value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
"operator": "In"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": false,
"disableOwnerEmailNotification": false
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
},
{
"id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/4106f43c-6d82-4fc8-a92c-dcfe50799d1d",
"name": "4106f43c-6d82-4fc8-a92c-dcfe50799d1d",
"type": "Microsoft.Security/governanceRules",
"properties": {
"tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
"displayName": "Admin's rule",
"description": "A rule for critical recommendations",
"remediationTimeframe": "7.00:00:00",
"isGracePeriod": true,
"rulePriority": 200,
"isDisabled": false,
"ruleType": "Integrated",
"sourceResourceType": "Assessments",
"conditionSets": [
{
"conditions": [
{
"property": "$.Metadata.Severity",
"value": "Low",
"operator": "Equals"
}
]
}
],
"ownerSource": {
"type": "Manually",
"value": "user@contoso.com"
},
"governanceEmailNotification": {
"disableManagerEmailNotification": true,
"disableOwnerEmailNotification": true
},
"excludedScopes": [],
"includeMemberScopes": false,
"metadata": {
"createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"createdOn": "2022-11-10T08:31:26.7993124Z",
"updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
"updatedOn": "2022-11-10T08:31:26.7993124Z"
}
}
}
]
}
Definitioner
CloudError
Objekt
Vanligt felsvar för alla Azure Resource Manager-API:er för att returnera felinformation för misslyckade åtgärder. (Detta följer även formatet för OData-felsvar.).
| Name |
Typ |
Description |
|
error.additionalInfo
|
ErrorAdditionalInfo[]
|
Ytterligare information om felet.
|
|
error.code
|
string
|
Felkoden.
|
|
error.details
|
CloudErrorBody[]
|
Felinformationen.
|
|
error.message
|
string
|
Felmeddelandet.
|
|
error.target
|
string
|
Felmålet.
|
CloudErrorBody
Objekt
Felinformationen.
| Name |
Typ |
Description |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
Ytterligare information om felet.
|
|
code
|
string
|
Felkoden.
|
|
details
|
CloudErrorBody[]
|
Felinformationen.
|
|
message
|
string
|
Felmeddelandet.
|
|
target
|
string
|
Felmålet.
|
Condition
Objekt
Styrningsregelns villkor
| Name |
Typ |
Description |
|
operator
|
GovernanceRuleConditionOperator
|
Styrningsregelns villkorsoperator, till exempel Lika med för allvarlighetsgrad eller I för lista över utvärderingar, se exempel
|
|
property
|
string
|
Styrningsregelns egenskap, t.ex. Allvarlighetsgrad eller AssessmentKey, se exempel
|
|
value
|
string
|
Styrningsregelns Värde som allvarlighetsgrad Låg, Hög eller utvärderingsnycklar, se exempel
|
ErrorAdditionalInfo
Objekt
Ytterligare information om resurshanteringsfelet.
| Name |
Typ |
Description |
|
info
|
object
|
Ytterligare information.
|
|
type
|
string
|
Ytterligare informationstyp.
|
GovernanceRule
Objekt
Styrningsregel över ett visst omfång
| Name |
Typ |
Description |
|
id
|
string
|
Resurs-ID
|
|
name
|
string
|
Resursnamn
|
|
properties.conditionSets
|
Condition[]
|
StyrningsregelvillkorUppsättningar – se exempel
|
|
properties.description
|
string
|
Beskrivning av styrningsregeln
|
|
properties.displayName
|
string
|
Visningsnamn för styrningsregeln
|
|
properties.excludedScopes
|
string[]
|
Exkluderade omfång filtrerar du bort underordnade till omfånget (på hanteringsomfång)
|
|
properties.governanceEmailNotification
|
GovernanceRuleEmailNotification
|
Inställningarna för e-postaviseringar för styrningsregeln anger om meddelanden för hanteraren och ägare ska inaktiveras
|
|
properties.includeMemberScopes
|
boolean
|
Definierar om regeln är hanteringsomfångsregel (huvudanslutning som ett enda omfång eller hanteringsomfång)
|
|
properties.isDisabled
|
boolean
|
Definierar om regeln är aktiv/inaktiv
|
|
properties.isGracePeriod
|
boolean
|
Definierar om det finns en respitperiod för styrningsregeln
|
|
properties.metadata
|
GovernanceRuleMetadata
|
Metadata för styrningsregeln
|
|
properties.ownerSource
|
GovernanceRuleOwnerSource
|
Ägarkällan för styrningsregeln – t.ex. manuellt av user@contoso.com – se exempel
|
|
properties.remediationTimeframe
|
string
pattern: ^[0-9]+\.[0-9]{2}:[0-9]{2}:[0-9]{2}$
|
Tidsram för reparation av styrningsregel – det här är den tid som påverkar respitperiodens varaktighet, t.ex. 7.00:00:00 – innebär 7 dagar
|
|
properties.rulePriority
|
integer
(int32)
minimum: 0
maximum: 1000
|
Styrningsregelns prioritet, prioritet till det lägre talet. Regler med samma prioritet för samma omfång tillåts inte
|
|
properties.ruleType
|
GovernanceRuleType
|
Regeltypen för styrningsregeln definierar källan till regeln, t.ex. integrerad
|
|
properties.sourceResourceType
|
GovernanceRuleSourceResourceType
|
Styrningsregelkällan, vad regeln påverkar, t.ex. utvärderingar
|
|
properties.tenantId
|
string
|
TenantId (GUID)
|
|
type
|
string
|
Resurstyp
|
GovernanceRuleConditionOperator
Uppräkning
Styrningsregelns villkorsoperator, till exempel Lika med för allvarlighetsgrad eller I för lista över utvärderingar, se exempel
| Värde |
Description |
|
Equals
|
Kontrollerar att strängvärdet för data som definierats i Egenskapen är lika med det angivna värdet – exakt passform
|
|
In
|
Kontrollerar att strängvärdet för data som definierats i Egenskapen är lika med något av de angivna värdena (exakt passform)
|
GovernanceRuleEmailNotification
Objekt
Konfiguration av e-post för styrning varje vecka
| Name |
Typ |
Description |
|
disableManagerEmailNotification
|
boolean
|
Definierar om e-postaviseringar för chef är inaktiverade
|
|
disableOwnerEmailNotification
|
boolean
|
Definierar om ägarens e-postaviseringar är inaktiverade
|
GovernanceRuleList
Objekt
Sida i en regellista för styrning
| Name |
Typ |
Description |
|
nextLink
|
string
|
URI:n för att hämta nästa sida
|
|
value
|
GovernanceRule[]
|
Samling styrningsregler på den här sidan
|
Objekt
Metadata för styrningsregeln
| Name |
Typ |
Description |
|
createdBy
|
string
|
Styrningsregel skapad av objekt-ID (GUID)
|
|
createdOn
|
string
(date-time)
|
Skapandedatum för styrningsregel
|
|
updatedBy
|
string
|
Styrningsregeln uppdaterades senast av objekt-ID (GUID)
|
|
updatedOn
|
string
(date-time)
|
Styrningsregel senaste uppdateringsdatum
|
GovernanceRuleOwnerSource
Objekt
Beskriv ägarkällan för styrningsregeln
| Name |
Typ |
Description |
|
type
|
GovernanceRuleOwnerSourceType
|
Ägartyp för ägarkällan för styrningsregeln
|
|
value
|
string
|
Källvärdet, t.ex. taggnyckel som ägarens namn eller e-postadress
|
GovernanceRuleOwnerSourceType
Uppräkning
Ägartyp för ägarkällan för styrningsregeln
| Värde |
Description |
|
ByTag
|
Regelkällans typ som definierats med hjälp av resurstaggen
|
|
Manually
|
Regelkällans typ definieras manuellt
|
GovernanceRuleSourceResourceType
Uppräkning
Styrningsregelkällan, vad regeln påverkar, t.ex. utvärderingar
| Värde |
Description |
|
Assessments
|
Källan till styrningsregeln är utvärderingar
|
GovernanceRuleType
Uppräkning
Regeltypen för styrningsregeln definierar källan till regeln, t.ex. integrerad
| Värde |
Description |
|
Integrated
|
Källan till regeltypdefinitionen är integrerad
|
|
ServiceNow
|
Källan till regeltypdefinitionen är ServiceNow
|