通过

你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn

Custom Recommendations - Create Or Update

  • 参考
服务:
Defender for Cloud
API 版本:
2024-08-01

根据给定范围创建或更新自定义建议

PUT https://management.azure.com/{scope}/providers/Microsoft.Security/customRecommendations/{customRecommendationName}?api-version=2024-08-01

URI 参数

名称 必需 类型 说明
customRecommendationName
 path True

string

自定义建议的名称。

正则表达式模式: [{]?[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$
scope
 path True

string

自定义建议的范围。 有效范围包括:管理组(格式:“providers/Microsoft.Management/managementGroups/{managementGroup}”)、订阅(格式:'subscriptions/{subscriptionId}')或安全连接器(格式:'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName})'
api-version
 query True

string

用于此操作的 API 版本。

请求正文

名称 类型 说明
properties.cloudProviders

RecommendationSupportedClouds[]

所有标准支持的云的列表。
properties.description

string

与此建议生成的评估相关的说明。
properties.displayName

string

此建议生成的评估的显示名称。
properties.query

string

表示所需建议结果的 KQL 查询。
properties.remediationDescription

string

与此建议生成的评估相关的修正说明。
properties.securityIssue

securityIssue

与此建议生成的评估相关的严重性。
properties.severity

severityEnum

与此建议生成的评估相关的严重性。

响应

名称 类型 说明
200 OK

CustomRecommendation

确定 - 已更新
201 Created

CustomRecommendation

创建
Other Status Codes

ErrorResponse

描述操作失败原因的错误响应

安全性

azure_auth

Azure Active Directory OAuth2 Flow

类型: oauth2
流向: implicit
授权 URL: https://login.microsoftonline.com/common/oauth2/authorize

作用域

名称 说明
user_impersonation 模拟用户帐户

示例

Create or update custom recommendation over management group scope
Create or update custom recommendation over security connector scope
Create or update custom recommendation over subscription scope

Create or update custom recommendation over management group scope

示例请求

PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771?api-version=2024-08-01

{
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "securityIssue": "Vulnerability"
  }
}

示例响应

状态代码:
200 
{
  "id": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771",
  "name": "33e7cc6e-a139-4723-a0e5-76993aee0771",
  "type": "Microsoft.Security/customRecommendations",
  "systemData": {
    "createdBy": "user@contoso.com",
    "createdByType": "User",
    "createdAt": "2021-08-31T13:47:50.328Z",
    "lastModifiedBy": "user@contoso.com",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-08-31T13:47:50.328Z"
  },
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
    "securityIssue": "Vulnerability"
  }
}
状态代码:
201 
{
  "id": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771",
  "name": "33e7cc6e-a139-4723-a0e5-76993aee0771",
  "type": "Microsoft.Security/customRecommendations",
  "systemData": {
    "createdBy": "user@contoso.com",
    "createdByType": "User",
    "createdAt": "2021-08-31T13:47:50.328Z",
    "lastModifiedBy": "user@contoso.com",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-08-31T13:47:50.328Z"
  },
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
    "securityIssue": "Vulnerability"
  }
}

Create or update custom recommendation over security connector scope

示例请求

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771?api-version=2024-08-01

{
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "securityIssue": "Vulnerability"
  }
}

示例响应

状态代码:
200 
{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771",
  "name": "33e7cc6e-a139-4723-a0e5-76993aee0771",
  "type": "Microsoft.Security/customRecommendations",
  "systemData": {
    "createdBy": "user@contoso.com",
    "createdByType": "User",
    "createdAt": "2021-08-31T13:47:50.328Z",
    "lastModifiedBy": "user@contoso.com",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-08-31T13:47:50.328Z"
  },
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
    "securityIssue": "Vulnerability"
  }
}
状态代码:
201 
{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771",
  "name": "33e7cc6e-a139-4723-a0e5-76993aee0771",
  "type": "Microsoft.Security/customRecommendations",
  "systemData": {
    "createdBy": "user@contoso.com",
    "createdByType": "User",
    "createdAt": "2021-08-31T13:47:50.328Z",
    "lastModifiedBy": "user@contoso.com",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-08-31T13:47:50.328Z"
  },
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
    "securityIssue": "Vulnerability"
  }
}

Create or update custom recommendation over subscription scope

示例请求

PUT https://management.azure.com/subscriptions/e5d1b86c-3051-44d5-8802-aa65d45a279b/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771?api-version=2024-08-01

{
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "securityIssue": "Vulnerability"
  }
}

示例响应

状态代码:
200 
{
  "id": "/subscriptions/e5d1b86c-3051-44d5-8802-aa65d45a279b/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771",
  "name": "33e7cc6e-a139-4723-a0e5-76993aee0771",
  "type": "Microsoft.Security/customRecommendations",
  "systemData": {
    "createdBy": "user@contoso.com",
    "createdByType": "User",
    "createdAt": "2021-08-31T13:47:50.328Z",
    "lastModifiedBy": "user@contoso.com",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-08-31T13:47:50.328Z"
  },
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
    "securityIssue": "Vulnerability"
  }
}
状态代码:
201 
{
  "id": "/subscriptions/e5d1b86c-3051-44d5-8802-aa65d45a279b/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771",
  "name": "33e7cc6e-a139-4723-a0e5-76993aee0771",
  "type": "Microsoft.Security/customRecommendations",
  "systemData": {
    "createdBy": "user@contoso.com",
    "createdByType": "User",
    "createdAt": "2021-08-31T13:47:50.328Z",
    "lastModifiedBy": "user@contoso.com",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-08-31T13:47:50.328Z"
  },
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
    "securityIssue": "Vulnerability"
  }
}

定义

名称 说明
createdByType

创建资源的标识的类型。
CustomRecommendation

自定义建议
ErrorAdditionalInfo

资源管理错误附加信息。
ErrorDetail

错误详细信息。
ErrorResponse

错误响应
RecommendationSupportedClouds

所有标准支持的云的列表。
securityIssue

与此建议生成的评估相关的严重性。
severityEnum

与此建议生成的评估相关的严重性。
systemData

与创建和上次修改资源相关的元数据。

createdByType

创建资源的标识的类型。

名称 类型 说明
Application

string

Key

string

ManagedIdentity

string

User

string

CustomRecommendation

自定义建议

名称 类型 说明
id

string

资源 ID
name

string

资源名称
properties.assessmentKey

string

为此建议生成评估时使用的评估元数据密钥。
properties.cloudProviders

RecommendationSupportedClouds[]

所有标准支持的云的列表。
properties.description

string

与此建议生成的评估相关的说明。
properties.displayName

string

此建议生成的评估的显示名称。
properties.query

string

表示所需建议结果的 KQL 查询。
properties.remediationDescription

string

与此建议生成的评估相关的修正说明。
properties.securityIssue

securityIssue

与此建议生成的评估相关的严重性。
properties.severity

severityEnum

与此建议生成的评估相关的严重性。
systemData

systemData

包含 createdBy 和 modifiedBy 信息的 Azure 资源管理器元数据。
type

string

资源类型

ErrorAdditionalInfo

资源管理错误附加信息。

名称 类型 说明
info

object

其他信息。
type

string

其他信息类型。

ErrorDetail

错误详细信息。

名称 类型 说明
additionalInfo

ErrorAdditionalInfo[]

错误附加信息。
code

string

错误代码。
details

ErrorDetail[]

错误详细信息。
message

string

错误消息。
target

string

错误目标。

ErrorResponse

错误响应

名称 类型 说明
error

ErrorDetail

错误对象。

RecommendationSupportedClouds

所有标准支持的云的列表。

名称 类型 说明
AWS

string

Azure

string

GCP

string

securityIssue

与此建议生成的评估相关的严重性。

名称 类型 说明
AnonymousAccess

string

BestPractices

string

ExcessivePermissions

string

NetworkExposure

string

TrafficEncryption

string

Vulnerability

string

severityEnum

与此建议生成的评估相关的严重性。

名称 类型 说明
High

string

Low

string

Medium

string

systemData

与创建和上次修改资源相关的元数据。

名称 类型 说明
createdAt

string

资源创建时间戳(UTC)。
createdBy

string

创建资源的标识。
createdByType

createdByType

创建资源的标识的类型。
lastModifiedAt

string

上次修改的资源时间戳(UTC)
lastModifiedBy

string

上次修改资源的标识。
lastModifiedByType

createdByType

上次修改资源的标识的类型。