Azure.ResourceManager.SecurityCenter.Models Namespace
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Classes
AadExternalSecuritySolution |
Represents an AAD identity protection solution which sends logs to an OMS workspace. |
AadSolutionProperties |
The external security solution properties for AAD solutions. |
ActionableRemediation |
Configuration payload for PR Annotations. |
ActiveConnectionsNotInAllowedRange |
Number of active connections is not in allowed range. |
AdaptiveApplicationControlIssueSummary |
Represents a summary of the alerts of the machine group. |
AdaptiveNetworkHardeningEnforceContent |
The AdaptiveNetworkHardeningEnforceContent. |
AdditionalWorkspacesProperties |
Properties of the additional workspaces. |
AllowlistCustomAlertRule |
A custom alert rule that checks if a value (depends on the custom alert type) is allowed. Please note AllowlistCustomAlertRule is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include ConnectionFromIPNotAllowed, ConnectionToIPNotAllowed, LocalUserNotAllowed and ProcessNotAllowed. |
AmqpC2DMessagesNotInAllowedRange |
Number of cloud to device messages (AMQP protocol) is not in allowed range. |
AmqpC2DRejectedMessagesNotInAllowedRange |
Number of rejected cloud to device messages (AMQP protocol) is not in allowed range. |
AmqpD2CMessagesNotInAllowedRange |
Number of device to cloud messages (AMQP protocol) is not in allowed range. |
ArmSecurityCenterModelFactory |
Model factory for models. |
AtaExternalSecuritySolution |
Represents an ATA security solution which sends logs to an OMS workspace. |
AtaSolutionProperties |
The external security solution properties for ATA solutions. |
AuthenticationDetailsProperties |
Settings for cloud authentication management. Please note AuthenticationDetailsProperties is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include AwsAssumeRoleAuthenticationDetailsProperties, AwsCredsAuthenticationDetailsProperties and GcpCredentialsDetailsProperties. |
AwsAssumeRoleAuthenticationDetailsProperties |
AWS cloud account connector based assume role, the role enables delegating access to your AWS resources. The role is composed of role Amazon Resource Name (ARN) and external ID. For more details, refer to Creating a Role to Delegate Permissions to an IAM User (write only): https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html |
AwsCredsAuthenticationDetailsProperties |
AWS cloud account connector based credentials. The credentials are composed of access key ID and secret key. For more details, refer to Creating an IAM User in Your AWS Account (write only): https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html |
AwsEnvironment |
The AWS connector environment data. |
AwsOrganizationalDataMaster |
The AWS organization data for the master account. |
AwsOrganizationalDataMember |
The AWS organization data for the member account. |
AwsOrganizationalInfo |
The AWS organization data. Please note AwsOrganizationalInfo is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include AwsOrganizationalDataMember and AwsOrganizationalDataMaster. |
AzureDevOpsScopeEnvironment |
The AzureDevOps scope connector's environment data. |
AzureResourceDetails |
Details of the Azure resource that was assessed. |
AzureResourceIdentifier |
Azure resource identifier. |
AzureServersSetting |
A vulnerability assessments setting on Azure servers in the defined scope. |
BaselineAdjustedResult |
The rule result adjusted with baseline. |
BenchmarkReference |
The benchmark references. |
BuiltInInfoType |
Pre-configured sensitive information type. |
CategoryConfiguration |
Severity level per category configuration for PR Annotations. |
CefExternalSecuritySolution |
Represents a security solution which sends CEF logs to an OMS workspace. |
CefSolutionProperties |
The external security solution properties for CEF solutions. |
ComplianceSegment |
A segment of a compliance assessment. |
ConnectableResourceInfo |
Describes the allowed inbound and outbound traffic of an Azure resource. |
ConnectedResourceInfo |
Describes properties of a connected resource. |
ConnectionFromIPNotAllowed |
Inbound connection from an IP that isn't allowed. Allow list consists of IPv4 or IPv6 range in CIDR notation. |
ConnectionToIPNotAllowed |
Outbound connection to an IP that isn't allowed. Allow list consists of IPv4 or IPv6 range in CIDR notation. |
ContainerRegistryVulnerabilityProperties |
Additional context fields for container registry Vulnerability assessment. |
CspmMonitorAwsOffering |
The CSPM monitoring for AWS offering. |
CspmMonitorAzureDevOpsOffering |
The CSPM monitoring for AzureDevOps offering. |
CspmMonitorGcpOffering |
The CSPM monitoring for GCP offering. |
CspmMonitorGcpOfferingNativeCloudConnection |
The native cloud connection configuration. |
CspmMonitorGithubOffering |
The CSPM monitoring for GitHub offering. |
CspmMonitorGitLabOffering |
The CSPM (Cloud security posture management) monitoring for GitLab offering. |
CustomAlertRule |
A custom alert rule. Please note CustomAlertRule is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include AllowlistCustomAlertRule, AmqpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, ConnectionFromIPNotAllowed, ConnectionToIPNotAllowed, DenylistCustomAlertRule, DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, FileUploadsNotInAllowedRange, HttpC2DMessagesNotInAllowedRange, HttpC2DRejectedMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, ListCustomAlertRule, LocalUserNotAllowed, MqttC2DMessagesNotInAllowedRange, MqttC2DRejectedMessagesNotInAllowedRange, MqttD2CMessagesNotInAllowedRange, ProcessNotAllowed, QueuePurgesNotInAllowedRange, TwinUpdatesNotInAllowedRange, UnauthorizedOperationsNotInAllowedRange, ActiveConnectionsNotInAllowedRange, TimeWindowCustomAlertRule and ThresholdCustomAlertRule. |
CustomAssessmentAutomationCreateOrUpdateContent |
Custom Assessment Automation request. |
CustomEntityStoreAssignmentCreateOrUpdateContent |
Describes the custom entity store assignment request. |
DataExportSettings |
Represents a data export setting. |
DefenderCspmAwsOffering |
The CSPM P1 for AWS offering. |
DefenderCspmAwsOfferingCiem |
Defenders CSPM Cloud infrastructure entitlement management (CIEM) offering configurations. |
DefenderCspmAwsOfferingCiemOidc |
Defender CSPM CIEM AWS OIDC (OpenID Connect) configuration. |
DefenderCspmAwsOfferingDatabasesDspm |
The databases DSPM configuration. |
DefenderCspmAwsOfferingDataSensitivityDiscovery |
The Microsoft Defender Data Sensitivity discovery configuration. |
DefenderCspmAwsOfferingMdcContainersAgentlessDiscoveryK8S |
The Microsoft Defender container agentless discovery K8s configuration. |
DefenderCspmAwsOfferingMdcContainersImageAssessment |
The Microsoft Defender container image assessment configuration. |
DefenderCspmAwsOfferingVmScanners |
The Microsoft Defender for Server VM scanning configuration. |
DefenderCspmAwsOfferingVmScannersConfiguration |
Configuration for Microsoft Defender for Server VM scanning. |
DefenderCspmGcpOffering |
The CSPM P1 for GCP offering. |
DefenderCspmGcpOfferingCiemDiscovery |
GCP Defenders CSPM Cloud infrastructure entitlement management (CIEM) discovery offering configurations. |
DefenderCspmGcpOfferingDataSensitivityDiscovery |
The Microsoft Defender Data Sensitivity discovery configuration. |
DefenderCspmGcpOfferingMdcContainersAgentlessDiscoveryK8S |
The Microsoft Defender Container agentless discovery configuration. |
DefenderCspmGcpOfferingMdcContainersImageAssessment |
The Microsoft Defender Container image assessment configuration. |
DefenderCspmGcpOfferingVmScanners |
The Microsoft Defender for Server VM scanning configuration. |
DefenderCspmGcpOfferingVmScannersConfiguration |
Configuration for Microsoft Defender for Server VM scanning. |
DefenderFoDatabasesAwsOfferingArcAutoProvisioningConfiguration |
Configuration for servers Arc auto provisioning. |
DefenderFoDatabasesAwsOfferingDatabasesDspm |
The databases data security posture management (DSPM) configuration. |
DefenderForContainersAwsOffering |
The Defender for Containers AWS offering. |
DefenderForContainersAwsOfferingMdcContainersAgentlessDiscoveryK8S |
The Microsoft Defender container agentless discovery K8s configuration. |
DefenderForContainersAwsOfferingMdcContainersImageAssessment |
The Microsoft Defender container image assessment configuration. |
DefenderForContainersGcpOffering |
The containers GCP offering. |
DefenderForContainersGcpOfferingDataPipelineNativeCloudConnection |
The native cloud connection configuration. |
DefenderForContainersGcpOfferingMdcContainersAgentlessDiscoveryK8S |
The Microsoft Defender Container agentless discovery configuration. |
DefenderForContainersGcpOfferingMdcContainersImageAssessment |
The Microsoft Defender Container image assessment configuration. |
DefenderForContainersGcpOfferingNativeCloudConnection |
The native cloud connection configuration. |
DefenderForDatabasesAwsOffering |
The Defender for Databases AWS offering. |
DefenderForDatabasesAwsOfferingArcAutoProvisioning |
The ARC autoprovisioning configuration. |
DefenderForDatabasesAwsOfferingRds |
The RDS configuration. |
DefenderForDatabasesGcpOffering |
The Defender for Databases GCP offering configurations. |
DefenderForDatabasesGcpOfferingArcAutoProvisioning |
The ARC autoprovisioning configuration. |
DefenderForDatabasesGcpOfferingArcAutoProvisioningConfiguration |
Configuration for servers Arc auto provisioning. |
DefenderForDevOpsAzureDevOpsOffering |
The Defender for DevOps for Azure DevOps offering. |
DefenderForDevOpsGithubOffering |
The Defender for DevOps for GitHub offering. |
DefenderForDevOpsGitLabOffering |
The Defender for DevOps for GitLab offering. |
DefenderForServersAwsOffering |
The Defender for Servers AWS offering. |
DefenderForServersAwsOfferingArcAutoProvisioning |
The ARC autoprovisioning configuration. |
DefenderForServersAwsOfferingArcAutoProvisioningConfiguration |
Configuration for servers Arc auto provisioning. |
DefenderForServersAwsOfferingMdeAutoProvisioning |
The Microsoft Defender for Endpoint autoprovisioning configuration. |
DefenderForServersAwsOfferingVmScanners |
The Microsoft Defender for Server VM scanning configuration. |
DefenderForServersAwsOfferingVmScannersConfiguration |
Configuration for Microsoft Defender for Server VM scanning. |
DefenderForServersAwsOfferingVulnerabilityAssessmentAutoProvisioning |
The Vulnerability Assessment autoprovisioning configuration. |
DefenderForServersGcpOffering |
The Defender for Servers GCP offering configurations. |
DefenderForServersGcpOfferingArcAutoProvisioning |
The ARC autoprovisioning configuration. |
DefenderForServersGcpOfferingArcAutoProvisioningConfiguration |
Configuration for servers Arc auto provisioning. |
DefenderForServersGcpOfferingMdeAutoProvisioning |
The Microsoft Defender for Endpoint autoprovisioning configuration. |
DefenderForServersGcpOfferingVmScanners |
The Microsoft Defender for Server VM scanning configuration. |
DefenderForServersGcpOfferingVmScannersConfiguration |
Configuration for Microsoft Defender for Server VM scanning. |
DefenderForServersGcpOfferingVulnerabilityAssessmentAutoProvisioning |
The Vulnerability Assessment autoprovisioning configuration. |
DenylistCustomAlertRule |
A custom alert rule that checks if a value (depends on the custom alert type) is denied. |
DevOpsConfigurationProperties |
DevOps Configuration properties. |
DevOpsOrgProperties |
Azure DevOps Organization properties. |
DevOpsProjectProperties |
Azure DevOps Project properties. |
DevOpsRepositoryProperties |
Azure DevOps Repository properties. |
DirectMethodInvokesNotInAllowedRange |
Number of direct method invokes is not in allowed range. |
DiscoveredSecuritySolution |
The DiscoveredSecuritySolution. |
EffectiveNetworkSecurityGroups |
Describes the Network Security Groups effective on a network interface. |
EnvironmentDetails |
The environment details of the resource. |
ExecuteGovernanceRuleParams |
Governance rule execution parameters. |
ExecuteRuleStatus |
Execute status of Security GovernanceRule over a given scope. Serialized Name: ExecuteRuleStatus. |
ExtensionOperationStatus |
A status describing the success/failure of the enablement/disablement operation. |
ExternalSecuritySolution |
Represents a security solution external to Microsoft Defender for Cloud which sends information to an OMS workspace and whose data is displayed by Microsoft Defender for Cloud. Please note ExternalSecuritySolution is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include AadExternalSecuritySolution, AtaExternalSecuritySolution and CefExternalSecuritySolution. |
ExternalSecuritySolutionProperties |
The solution properties (correspond to the solution kind). |
FailedLocalLoginsNotInAllowedRange |
Number of failed local logins is not in allowed range. |
FileUploadsNotInAllowedRange |
Number of file uploads is not in allowed range. |
GcpCredentialsDetailsProperties |
GCP cloud account connector based service to service credentials, the credentials are composed of the organization ID and a JSON API key (write only). |
GcpDefenderForDatabasesArcAutoProvisioning |
The native cloud connection configuration. |
GcpDefenderForServersInfo |
The Defender for servers connection configuration. |
GcpMemberOrganizationalInfo |
The gcpOrganization data for the member account. |
GcpOrganizationalInfo |
The gcpOrganization data. Please note GcpOrganizationalInfo is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include GcpMemberOrganizationalInfo and GcpParentOrganizationalInfo. |
GcpParentOrganizationalInfo |
The gcpOrganization data for the parent account. |
GcpProjectDetails |
The details about the project represented by the security connector. |
GcpProjectEnvironment |
The GCP project connector environment data. |
GetSensitivitySettingsResponsePropertiesMipInformation |
Microsoft information protection built-in and custom information types, labels, and integration status. |
GithubScopeEnvironment |
The GitHub scope connector's environment data. |
GitlabScopeEnvironment |
The GitLab scope connector's environment data. |
GovernanceAssignmentAdditionalInfo |
Describe the additional data of governance assignment - optional. |
GovernanceEmailNotification |
The governance email weekly notification configuration. |
GovernanceRuleEmailNotification |
The governance email weekly notification configuration. |
GovernanceRuleMetadata |
The governance rule metadata. |
GovernanceRuleOwnerSource |
Describe the owner source of governance rule. |
HealthDataClassification |
The classification of the health report. |
HealthReportResourceDetails |
The resource details of the health report. |
HealthReportStatus |
The status of the health report. |
HttpC2DMessagesNotInAllowedRange |
Number of cloud to device messages (HTTP protocol) is not in allowed range. |
HttpC2DRejectedMessagesNotInAllowedRange |
Number of rejected cloud to device messages (HTTP protocol) is not in allowed range. |
HttpD2CMessagesNotInAllowedRange |
Number of device to cloud messages (HTTP protocol) is not in allowed range. |
HybridComputeSettingsProperties |
Settings for hybrid compute management. |
InformationProtectionAwsOffering |
The information protection for AWS offering. |
InformationProtectionKeyword |
The information type keyword. |
InformationProtectionPolicy |
Information protection policy. |
IngestionConnectionString |
Connection string for ingesting security data and logs. |
IngestionSettingToken |
Configures how to correlate scan data and logs with resources associated with the subscription. |
IotSecurityAggregatedAlertTopDevice |
The IotSecurityAggregatedAlertTopDevice. |
IotSecurityAlertedDevice |
Statistical information about the number of alerts per device during last set number of days. |
IotSecurityDeviceAlert |
Statistical information about the number of alerts per alert type during last set number of days. |
IotSecurityDeviceRecommendation |
Statistical information about the number of recommendations per device, per recommendation type. |
IotSecuritySolutionAnalyticsModelDevicesMetrics |
The IotSecuritySolutionAnalyticsModelDevicesMetrics. |
IotSecuritySolutionPatch |
The IotSecuritySolutionPatch. |
IotSeverityMetrics |
IoT Security solution analytics severity metrics. |
JitNetworkAccessPolicyInitiateContent |
The JitNetworkAccessPolicyInitiateContent. |
JitNetworkAccessPolicyInitiatePort |
The JitNetworkAccessPolicyInitiatePort. |
JitNetworkAccessPolicyInitiateVirtualMachine |
The JitNetworkAccessPolicyInitiateVirtualMachine. |
JitNetworkAccessPolicyVirtualMachine |
The JitNetworkAccessPolicyVirtualMachine. |
JitNetworkAccessPortRule |
The JitNetworkAccessPortRule. |
JitNetworkAccessRequestInfo |
The JitNetworkAccessRequestInfo. |
JitNetworkAccessRequestPort |
The JitNetworkAccessRequestPort. |
JitNetworkAccessRequestVirtualMachine |
The JitNetworkAccessRequestVirtualMachine. |
ListCustomAlertRule |
A List custom alert rule. Please note ListCustomAlertRule is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include AllowlistCustomAlertRule, ConnectionFromIPNotAllowed, ConnectionToIPNotAllowed, DenylistCustomAlertRule, LocalUserNotAllowed and ProcessNotAllowed. |
LocalUserNotAllowed |
Login by a local user that isn't allowed. Allow list consists of login names to allow. |
LogAnalyticsIdentifier |
Represents a Log Analytics workspace scope identifier. |
MdeOnboarding |
The resource of the configuration or data needed to onboard the machine to MDE. |
MipSensitivityLabel |
Microsoft information protection sensitivity label. |
MqttC2DMessagesNotInAllowedRange |
Number of cloud to device messages (MQTT protocol) is not in allowed range. |
MqttC2DRejectedMessagesNotInAllowedRange |
Number of rejected cloud to device messages (MQTT protocol) is not in allowed range. |
MqttD2CMessagesNotInAllowedRange |
Number of device to cloud messages (MQTT protocol) is not in allowed range. |
OnPremiseResourceDetails |
Details of the On Premise resource that was assessed. Please note OnPremiseResourceDetails is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include OnPremiseSqlResourceDetails. |
OnPremiseSqlResourceDetails |
Details of the On Premise Sql resource that was assessed. |
OperationStatusAutoGenerated |
A status describing the success/failure of the extension's enablement/disablement operation. |
PathRecommendation |
Represents a path that is recommended to be allowed and its properties. |
PlanExtension |
A plan's extension properties. |
ProcessNotAllowed |
Execution of a process that isn't allowed. Allow list consists of process names to allow. |
ProxyServerProperties |
For a non-Azure machine that is not connected directly to the internet, specify a proxy server that the non-Azure machine can use. |
QueuePurgesNotInAllowedRange |
Number of device queue purges is not in allowed range. |
RecommendationConfigurationProperties |
The type of IoT Security recommendation. |
RecommendedSecurityRule |
Describes remote addresses that are recommended to communicate with the Azure resource on some (Protocol, Port, Direction). All other remote addresses are recommended to be blocked. |
RemediationEta |
The ETA (estimated time of arrival) for remediation. |
RulesResultsContent |
Rules results input. |
SecureScoreControlDefinitionItem |
Information about the security control. |
SecureScoreControlDetails |
Details of the security control, its score, and the health status of the relevant resources. |
SecurityAlertEntity |
Changing set of properties depending on the entity type. |
SecurityAlertResourceIdentifier |
A resource identifier for an alert which can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). Please note SecurityAlertResourceIdentifier is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include AzureResourceIdentifier and LogAnalyticsIdentifier. |
SecurityAlertSimulatorBundlesRequestProperties |
Simulate alerts according to these bundles. |
SecurityAlertSimulatorContent |
Alert Simulator request body. |
SecurityAlertSimulatorRequestProperties |
Describes properties of an alert simulation request. Please note SecurityAlertSimulatorRequestProperties is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include SecurityAlertSimulatorBundlesRequestProperties. |
SecurityAlertSupportingEvidence |
Changing set of properties depending on the supportingEvidence type. |
SecurityAlertSyncSettings |
Represents an alert sync setting. |
SecurityAssessmentCreateOrUpdateContent |
Security assessment on a resource. |
SecurityAssessmentMetadataPartner |
Describes the partner that created the assessment. |
SecurityAssessmentMetadataProperties |
Describes properties of an assessment metadata. |
SecurityAssessmentPartner |
Data regarding 3rd party partner integration. |
SecurityAssessmentPublishDates |
The SecurityAssessmentPublishDates. |
SecurityAssessmentStatus |
The result of the assessment. |
SecurityAssessmentStatusResult |
The result of the assessment. |
SecurityAutomationAction |
The action that should be triggered. Please note SecurityAutomationAction is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include SecurityAutomationActionEventHub, SecurityAutomationActionLogicApp and SecurityAutomationActionWorkspace. |
SecurityAutomationActionEventHub |
The target Event Hub to which event data will be exported. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore. |
SecurityAutomationActionLogicApp |
The logic app action that should be triggered. To learn more about Microsoft Defender for Cloud's Workflow Automation capabilities, visit https://aka.ms/ASCWorkflowAutomationLearnMore. |
SecurityAutomationActionWorkspace |
The Log Analytics Workspace to which event data will be exported. Security alerts data will reside in the 'SecurityAlert' table and the assessments data will reside in the 'SecurityRecommendation' table (under the 'Security'/'SecurityCenterFree' solutions). Note that in order to view the data in the workspace, the Security Center Log Analytics free/standard solution needs to be enabled on that workspace. To learn more about Microsoft Defender for Cloud continuous export capabilities, visit https://aka.ms/ASCExportLearnMore. |
SecurityAutomationRuleSet |
A rule set which evaluates all its rules upon an event interception. The event triggers the defined actions only when all the rules included in the rule set evaluate to 'true'. |
SecurityAutomationScope |
A single automation scope. |
SecurityAutomationSource |
The source event types which evaluate the security automation set of rules. For example - security alerts and security assessments. To learn more about the supported security events data models schemas - please visit https://aka.ms/ASCAutomationSchemas. |
SecurityAutomationTriggeringRule |
A rule which is evaluated upon event interception. The rule is configured by comparing a specific value from the event model to an expected value. This comparison is done by using one of the supported operators set. |
SecurityAutomationValidationStatus |
The security automation model state property bag. |
SecurityCenterAllowedConnection |
The resource whose properties describe the allowed traffic between Azure resources. |
SecurityCenterCloudOffering |
The security offering details. Please note SecurityCenterCloudOffering is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include CspmMonitorAwsOffering, CspmMonitorAzureDevOpsOffering, CspmMonitorGcpOffering, CspmMonitorGitLabOffering, CspmMonitorGithubOffering, DefenderCspmAwsOffering, DefenderCspmGcpOffering, DefenderForContainersAwsOffering, DefenderForContainersGcpOffering, DefenderForDatabasesAwsOffering, DefenderForDatabasesGcpOffering, DefenderForDevOpsAzureDevOpsOffering, DefenderForDevOpsGitLabOffering, DefenderForDevOpsGithubOffering, DefenderForServersAwsOffering, DefenderForServersGcpOffering and InformationProtectionAwsOffering. |
SecurityCenterFileProtectionMode |
The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux. |
SecurityCenterPublisherInfo |
Represents the publisher information of a process/rule. |
SecurityCenterResourceDetails |
Details of the resource that was assessed. Please note SecurityCenterResourceDetails is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include AzureResourceDetails, OnPremiseResourceDetails and OnPremiseSqlResourceDetails. |
SecurityCenterTagsResourceInfo |
A container holding only the Tags for a resource, allowing the user to update the tags. |
SecurityConnectorEnvironment |
The security connector environment data. Please note SecurityConnectorEnvironment is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include AwsEnvironment, AzureDevOpsScopeEnvironment, GcpProjectEnvironment, GithubScopeEnvironment and GitlabScopeEnvironment. |
SecurityConnectorGitHubOwnerProperties |
GitHub Owner properties. |
SecurityConnectorGitHubRepositoryProperties |
GitHub Repository properties. |
SecurityConnectorGitLabGroupProperties |
GitLab Group properties. |
SecurityConnectorGitLabProjectProperties |
GitLab Project properties. |
SecurityContactPropertiesAlertNotifications |
Defines whether to send email notifications about new security alerts. |
SecurityContactPropertiesNotificationsByRole |
Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. |
SecurityCve |
CVE details. |
SecurityCvss |
CVSS details. |
SecurityHealthReportIssue |
The issue that caused the resource to be unhealthy. |
SecurityInformationTypeInfo |
The information type. |
SecuritySolution |
The SecuritySolution. |
SecuritySolutionsReferenceData |
The SecuritySolutionsReferenceData. |
SecuritySubAssessmentAdditionalInfo |
Details of the sub-assessment. Please note SecuritySubAssessmentAdditionalInfo is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include ContainerRegistryVulnerabilityProperties, ServerVulnerabilityProperties and SqlServerVulnerabilityProperties. |
SecurityTaskProperties |
Changing set of properties, depending on the task type that is derived from the name field. |
SecurityTopologyResource |
The SecurityTopologyResource. |
SensitivityLabel |
The sensitivity label. |
SensitivitySettingCreateOrUpdateContent |
Request to update data sensitivity settings for sensitive data discovery. |
SensitivitySettingsProperties |
The sensitivity settings properties. |
ServerVulnerabilityProperties |
Additional context fields for server vulnerability assessment. |
ServicePrincipalProperties |
Details of the service principal. |
SqlServerVulnerabilityProperties |
Details of the resource that was assessed. |
SqlVulnerabilityAssessmentBaseline |
Baseline details. |
SqlVulnerabilityAssessmentBaselineRuleCreateOrUpdateContent |
Rule results input. |
SqlVulnerabilityAssessmentRemediation |
Remediation details. |
SqlVulnerabilityAssessmentScanProperties |
A vulnerability assessment scan record properties. |
SqlVulnerabilityAssessmentScanResult |
A vulnerability assessment scan result for a single rule. |
SqlVulnerabilityAssessmentScanResultProperties |
A vulnerability assessment scan result properties for a single rule. |
SubAssessmentStatus |
Status of the sub-assessment. |
SuppressionAlertsScopeElement |
A more specific scope used to identify the alerts to suppress. |
TargetBranchConfiguration |
Repository branch configuration for PR Annotations. |
ThresholdCustomAlertRule |
A custom alert rule that checks if a value (depends on the custom alert type) is within the given range. Please note ThresholdCustomAlertRule is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include ActiveConnectionsNotInAllowedRange, AmqpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, FileUploadsNotInAllowedRange, HttpC2DMessagesNotInAllowedRange, HttpC2DRejectedMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, MqttC2DMessagesNotInAllowedRange, MqttC2DRejectedMessagesNotInAllowedRange, MqttD2CMessagesNotInAllowedRange, QueuePurgesNotInAllowedRange, TimeWindowCustomAlertRule, TwinUpdatesNotInAllowedRange and UnauthorizedOperationsNotInAllowedRange. |
TimeWindowCustomAlertRule |
A custom alert rule that checks if the number of activities (depends on the custom alert type) in a time window is within the given range. Please note TimeWindowCustomAlertRule is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include ActiveConnectionsNotInAllowedRange, AmqpC2DMessagesNotInAllowedRange, AmqpC2DRejectedMessagesNotInAllowedRange, AmqpD2CMessagesNotInAllowedRange, DirectMethodInvokesNotInAllowedRange, FailedLocalLoginsNotInAllowedRange, FileUploadsNotInAllowedRange, HttpC2DMessagesNotInAllowedRange, HttpC2DRejectedMessagesNotInAllowedRange, HttpD2CMessagesNotInAllowedRange, MqttC2DMessagesNotInAllowedRange, MqttC2DRejectedMessagesNotInAllowedRange, MqttD2CMessagesNotInAllowedRange, QueuePurgesNotInAllowedRange, TwinUpdatesNotInAllowedRange and UnauthorizedOperationsNotInAllowedRange. |
TopologySingleResource |
The TopologySingleResource. |
TopologySingleResourceChild |
The TopologySingleResourceChild. |
TopologySingleResourceParent |
The TopologySingleResourceParent. |
TwinUpdatesNotInAllowedRange |
Number of twin updates is not in allowed range. |
UnauthorizedOperationsNotInAllowedRange |
Number of unauthorized operations is not in allowed range. |
UserDefinedInformationType |
Custom user-defined information type. |
UserDefinedResourcesProperties |
Properties of the IoT Security solution's user defined resources. |
UserRecommendation |
Represents a user that is recommended to be allowed for a certain rule. |
VendorReference |
Vendor reference. |
VmRecommendation |
Represents a machine that is part of a machine group. |
VulnerabilityAssessmentRule |
Vulnerability assessment rule metadata details. |
VulnerabilityAssessmentRuleQueryCheck |
The rule query details. |
Structs
AadConnectivityStateType |
The connectivity state of the external AAD solution. |
ActionableRemediationState |
ActionableRemediation Setting. None - the setting was never set. Enabled - ActionableRemediation is enabled. Disabled - ActionableRemediation is disabled. |
AdaptiveApplicationControlEnforcementMode |
The application control policy enforcement/protection mode of the machine group. |
AdaptiveApplicationControlGroupSourceSystem |
The source type of the machine group. |
AdaptiveApplicationControlIssue |
An alert that machines within a group can have. |
AdditionalWorkspaceDataType |
Data types sent to workspace. |
AdditionalWorkspaceType |
Workspace type. |
AnnotateDefaultBranchState |
Configuration of PR Annotations on default branch. Enabled - PR Annotations are enabled on the resource's default branch. Disabled - PR Annotations are disabled on the resource's default branch. |
ApplicationSourceResourceType |
The application source, what it affects, e.g. Assessments. |
AuthenticationProvisioningState |
State of the multi-cloud connector. |
AutomationTriggeringRuleOperator |
A valid comparer operator to use. A case-insensitive comparison will be applied for String PropertyType. |
AutomationTriggeringRulePropertyType |
The data type of the compared operands (string, integer, floating point number or a boolean [true/false]). |
AutoProvisionState |
Describes what kind of security agent provisioning action to take. |
AvailableSubPlanType |
The available sub plans. |
CustomAssessmentAutomationSupportedCloud |
Relevant cloud for the custom assessment automation. |
CustomAssessmentSeverity |
The severity to relate to the assessments generated by this assessment automation. |
DefenderForServersScanningMode |
The scanning mode for the VM scan. |
DefenderForStorageSettingName |
The DefenderForStorageSettingName. |
DevOpsAutoDiscovery |
AutoDiscovery states. |
DevOpsProvisioningState |
The provisioning state of the resource. Pending - Provisioning pending. Failed - Provisioning failed. Succeeded - Successful provisioning. Canceled - Provisioning canceled. PendingDeletion - Deletion pending. DeletionSuccess - Deletion successful. DeletionFailure - Deletion failure. |
EndOfSupportStatus |
End of support status. |
ExtensionOperationStatusCode |
The operation status code. |
ExternalSecuritySolutionKind |
The kind of the external solution. |
GovernanceRuleOwnerSourceType |
The owner type for the governance rule owner source. |
GovernanceRuleSourceResourceType |
The governance rule source, what the rule affects, e.g. Assessments. |
GovernanceRuleType |
The rule type of the governance rule, defines the source of the rule e.g. Integrated. |
HealthReportSource |
The platform where the assessed resource resides. |
HealthReportStatusName |
The status of the health report. |
HybridComputeProvisioningState |
State of the service principal and its secret. |
ImplementationEffort |
The implementation effort required to remediate this assessment. |
InformationProtectionPolicyName |
The InformationProtectionPolicyName. |
InheritFromParentState |
Update Settings. Enabled - Resource should inherit configurations from parent. Disabled - Resource should not inherit configurations from parent. |
IotSecurityRecommendationType |
The type of IoT Security recommendation. |
IotSecuritySolutionDataSource |
The IotSecuritySolutionDataSource. |
IotSecuritySolutionExportOption |
The IotSecuritySolutionExportOption. |
IsExtensionEnabled |
Indicates whether the extension is enabled. |
JitNetworkAccessPortProtocol |
The JitNetworkAccessPortProtocol. |
JitNetworkAccessPortStatus |
The status of the port. |
JitNetworkAccessPortStatusReason |
A description of why the |
KillChainIntent |
The kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center's supported kill chain intents. |
MipIntegrationStatus |
Microsoft information protection integration status. |
PathRecommendationFileType |
The type of the file (for Linux files - Executable is used). |
RecommendationAction |
The recommendation action of the machine or rule. |
RecommendationConfigStatus |
Recommendation status. When the recommendation status is disabled recommendations are not generated. |
RecommendationStatus |
The initial recommendation status of the machine group or machine. |
RegulatoryComplianceState |
Aggregative state based on the standard's supported controls states. |
ReportedSeverity |
Assessed alert severity. |
ResourceOnboardingState |
Details about resource onboarding status across all connectors. OnboardedByOtherConnector - this resource has already been onboarded to another connector. This is only applicable to top-level resources. Onboarded - this resource has already been onboarded by the specified connector. NotOnboarded - this resource has not been onboarded to any connector. NotApplicable - the onboarding state is not applicable to the current endpoint. |
RuleCategory |
Rule categories. Code - code scanning results. Artifact scanning results. Dependencies scanning results. IaC results. Secrets scanning results. Container scanning results. |
RuleSeverity |
The rule severity. |
SecurityAlertMinimalSeverity |
Defines the minimal alert severity which will be sent as email notifications. |
SecurityAlertNotificationByRoleState |
Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. |
SecurityAlertNotificationState |
Defines if email notifications will be sent about new security alerts. |
SecurityAlertReceivingRole |
A possible role to configure sending security notification alerts to. |
SecurityAlertSeverity |
The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified. |
SecurityAlertSimulatorBundleType |
Alert Simulator supported bundles. |
SecurityAlertStatus |
The life cycle status of the alert. |
SecurityAssessmentODataExpand |
The SecurityAssessmentODataExpand. |
SecurityAssessmentResourceCategory |
The categories of resource that are at risk when the assessment is unhealthy. |
SecurityAssessmentResourceStatus |
The status of the resource regarding a single assessment. |
SecurityAssessmentSeverity |
The sub-assessment severity level. |
SecurityAssessmentStatusCode |
Programmatic code for the status of the assessment. |
SecurityAssessmentTactic |
Tactic of the assessment. |
SecurityAssessmentTechnique |
Techniques of the assessment. |
SecurityAssessmentType |
BuiltIn if the assessment is based on a built-in Azure Policy definition, Custom if the assessment is based on a custom Azure Policy definition. |
SecurityAssessmentUserImpact |
The user impact of the assessment. |
SecurityCenterCloudName |
The multi cloud resource's cloud name. |
SecurityCenterCloudPermission |
A permission detected in the cloud account. |
SecurityCenterConfigurationStatus |
The configuration status of the machine group, machine or rule. |
SecurityCenterConnectionType |
The SecurityCenterConnectionType. |
SecurityCenterPricingTier |
The pricing tier value. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features. |
SecurityCenterVmEnforcementSupportState |
The machine supportability of Enforce feature. |
SecurityControlType |
The type of security control (for example, BuiltIn). |
SecurityEventSource |
A valid event source type. |
SecurityFamily |
The security family of the discovered solution. |
SecurityFamilyProvisioningState |
The security family provisioning state. |
SecurityScoreODataExpand |
The SecurityScoreODataExpand. |
SecuritySettingName |
The SecuritySettingName. |
SecuritySolutionStatus |
Status of the IoT Security solution. |
SecurityThreat |
Threats impact of the assessment. |
SecurityTrafficDirection |
The rule's direction. |
SecurityTransportProtocol |
The SecurityTransportProtocol. |
SecurityValueType |
The value type of the items in the list. |
ServerVulnerabilityAssessmentPropertiesProvisioningState |
The provisioningState of the vulnerability assessment capability on the VM. |
ServerVulnerabilityAssessmentsAzureSettingSelectedProvider |
The selected vulnerability assessments provider on Azure servers in the defined scope. |
ServerVulnerabilityAssessmentsSettingKindName |
The ServerVulnerabilityAssessmentsSettingKindName. |
SqlVulnerabilityAssessmentScanResultRuleStatus |
The rule result status. |
SqlVulnerabilityAssessmentScanState |
The scan status. |
SqlVulnerabilityAssessmentScanTriggerType |
The scan trigger type. |
SubAssessmentStatusCode |
Programmatic code for the status of the assessment. |
UnmaskedIPLoggingStatus |
Unmasked IP address logging status. |
VulnerabilityAssessmentAutoProvisioningType |
The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'. |
VulnerabilityAssessmentRuleType |
The rule type. |
Enums
SecurityAlertsSuppressionRuleState |
Possible states of the rule. |
SensitivityLabelRank |
The rank of the sensitivity label. |