Custom Recommendations - Create Or Update

參考

服務:: Defender for Cloud

API 版本:: 2024-08-01

在指定範圍上建立或更新自定義建議

PUT https://management.azure.com/{scope}/providers/Microsoft.Security/customRecommendations/{customRecommendationName}?api-version=2024-08-01

URI 參數

名稱位於必要類型 Description

名稱	位於	必要	類型	Description
customRecommendationName	path	True	string	自訂建議的名稱。 Regex 模式: `[{]?[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$`
scope	path	True	string	自訂建議的範圍。有效範圍包括：管理群組（格式：'providers/Microsoft.Management/managementGroups/{managementGroup}'）、訂用帳戶（格式：'subscriptions/{subscriptionId}'），或安全性連接器（格式：'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}）'
api-version	query	True	string	要用於這項作業的 API 版本。

customRecommendationName

path

True

string

自訂建議的名稱。

Regex 模式: [{]?[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$

scope

path

True

string

自訂建議的範圍。有效範圍包括：管理群組（格式：'providers/Microsoft.Management/managementGroups/{managementGroup}'）、訂用帳戶（格式：'subscriptions/{subscriptionId}'），或安全性連接器（格式：'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}）'

api-version

query

True

string

要用於這項作業的 API 版本。

要求本文

名稱	類型	Description
properties.cloudProviders	RecommendationSupportedClouds[]	所有標準支援的雲端清單。
properties.description	string	與此建議所產生的評量相關的描述。
properties.displayName	string	此建議所產生的評量顯示名稱。
properties.query	string	KQL 查詢，代表所需的建議結果。
properties.remediationDescription	string	與此建議所產生的評量相關的補救描述。
properties.securityIssue	securityIssue	與此建議所產生的評量相關的嚴重性。
properties.severity	severityEnum	與此建議所產生的評量相關的嚴重性。

回應

名稱	類型	Description
200 OK	CustomRecommendation	確定 - 已更新
201 Created	CustomRecommendation	創建
Other Status Codes	ErrorResponse	描述作業失敗原因的錯誤回應

安全性

azure_auth

Azure Active Directory OAuth2 Flow

類型: oauth2
Flow: implicit
授權 URL: https://login.microsoftonline.com/common/oauth2/authorize

範圍

名稱	Description
user_impersonation	模擬您的用戶帳戶

範例

Create or update custom recommendation over management group scope

Create or update custom recommendation over security connector scope

Create or update custom recommendation over subscription scope

Create or update custom recommendation over management group scope

PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771?api-version=2024-08-01

{
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "securityIssue": "Vulnerability"
  }
}


import com.azure.resourcemanager.security.models.RecommendationSupportedClouds;
import com.azure.resourcemanager.security.models.SecurityIssue;
import com.azure.resourcemanager.security.models.SeverityEnum;
import java.util.Arrays;

/**
 * Samples for CustomRecommendations CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2024-08-01/examples/CustomRecommendations/
     * PutByManagementGroupCustomRecommendation_example.json
     */
    /**
     * Sample code: Create or update custom recommendation over management group scope.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void createOrUpdateCustomRecommendationOverManagementGroupScope(
        com.azure.resourcemanager.security.SecurityManager manager) {
        manager.customRecommendations().define("33e7cc6e-a139-4723-a0e5-76993aee0771")
            .withExistingScope("providers/Microsoft.Management/managementGroups/contoso")
            .withQuery(
                "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')")
            .withCloudProviders(Arrays.asList(RecommendationSupportedClouds.AWS)).withSeverity(SeverityEnum.MEDIUM)
            .withSecurityIssue(SecurityIssue.VULNERABILITY).withDisplayName("Password Policy")
            .withDescription("organization passwords policy").withRemediationDescription("Change password policy to...")
            .create();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:: 200

{
  "id": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771",
  "name": "33e7cc6e-a139-4723-a0e5-76993aee0771",
  "type": "Microsoft.Security/customRecommendations",
  "systemData": {
    "createdBy": "user@contoso.com",
    "createdByType": "User",
    "createdAt": "2021-08-31T13:47:50.328Z",
    "lastModifiedBy": "user@contoso.com",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-08-31T13:47:50.328Z"
  },
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
    "securityIssue": "Vulnerability"
  }
}

狀態碼:: 201

{
  "id": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771",
  "name": "33e7cc6e-a139-4723-a0e5-76993aee0771",
  "type": "Microsoft.Security/customRecommendations",
  "systemData": {
    "createdBy": "user@contoso.com",
    "createdByType": "User",
    "createdAt": "2021-08-31T13:47:50.328Z",
    "lastModifiedBy": "user@contoso.com",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-08-31T13:47:50.328Z"
  },
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
    "securityIssue": "Vulnerability"
  }
}

Create or update custom recommendation over security connector scope

範例要求

HTTP
Java

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771?api-version=2024-08-01

{
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "securityIssue": "Vulnerability"
  }
}


import com.azure.resourcemanager.security.models.RecommendationSupportedClouds;
import com.azure.resourcemanager.security.models.SecurityIssue;
import com.azure.resourcemanager.security.models.SeverityEnum;
import java.util.Arrays;

/**
 * Samples for CustomRecommendations CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2024-08-01/examples/CustomRecommendations/
     * PutBySecurityConnectorCustomRecommendation_example.json
     */
    /**
     * Sample code: Create or update custom recommendation over security connector scope.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void createOrUpdateCustomRecommendationOverSecurityConnectorScope(
        com.azure.resourcemanager.security.SecurityManager manager) {
        manager.customRecommendations().define("33e7cc6e-a139-4723-a0e5-76993aee0771").withExistingScope(
            "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector")
            .withQuery(
                "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')")
            .withCloudProviders(Arrays.asList(RecommendationSupportedClouds.AWS)).withSeverity(SeverityEnum.MEDIUM)
            .withSecurityIssue(SecurityIssue.VULNERABILITY).withDisplayName("Password Policy")
            .withDescription("organization passwords policy").withRemediationDescription("Change password policy to...")
            .create();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:: 200

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771",
  "name": "33e7cc6e-a139-4723-a0e5-76993aee0771",
  "type": "Microsoft.Security/customRecommendations",
  "systemData": {
    "createdBy": "user@contoso.com",
    "createdByType": "User",
    "createdAt": "2021-08-31T13:47:50.328Z",
    "lastModifiedBy": "user@contoso.com",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-08-31T13:47:50.328Z"
  },
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
    "securityIssue": "Vulnerability"
  }
}

狀態碼:: 201

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771",
  "name": "33e7cc6e-a139-4723-a0e5-76993aee0771",
  "type": "Microsoft.Security/customRecommendations",
  "systemData": {
    "createdBy": "user@contoso.com",
    "createdByType": "User",
    "createdAt": "2021-08-31T13:47:50.328Z",
    "lastModifiedBy": "user@contoso.com",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-08-31T13:47:50.328Z"
  },
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
    "securityIssue": "Vulnerability"
  }
}

Create or update custom recommendation over subscription scope

範例要求

HTTP
Java

PUT https://management.azure.com/subscriptions/e5d1b86c-3051-44d5-8802-aa65d45a279b/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771?api-version=2024-08-01

{
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "securityIssue": "Vulnerability"
  }
}


import com.azure.resourcemanager.security.models.RecommendationSupportedClouds;
import com.azure.resourcemanager.security.models.SecurityIssue;
import com.azure.resourcemanager.security.models.SeverityEnum;
import java.util.Arrays;

/**
 * Samples for CustomRecommendations CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2024-08-01/examples/CustomRecommendations/
     * PutBySubscriptionCustomRecommendation_example.json
     */
    /**
     * Sample code: Create or update custom recommendation over subscription scope.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void createOrUpdateCustomRecommendationOverSubscriptionScope(
        com.azure.resourcemanager.security.SecurityManager manager) {
        manager.customRecommendations().define("33e7cc6e-a139-4723-a0e5-76993aee0771")
            .withExistingScope("subscriptions/e5d1b86c-3051-44d5-8802-aa65d45a279b")
            .withQuery(
                "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')")
            .withCloudProviders(Arrays.asList(RecommendationSupportedClouds.AWS)).withSeverity(SeverityEnum.MEDIUM)
            .withSecurityIssue(SecurityIssue.VULNERABILITY).withDisplayName("Password Policy")
            .withDescription("organization passwords policy").withRemediationDescription("Change password policy to...")
            .create();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:: 200

{
  "id": "/subscriptions/e5d1b86c-3051-44d5-8802-aa65d45a279b/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771",
  "name": "33e7cc6e-a139-4723-a0e5-76993aee0771",
  "type": "Microsoft.Security/customRecommendations",
  "systemData": {
    "createdBy": "user@contoso.com",
    "createdByType": "User",
    "createdAt": "2021-08-31T13:47:50.328Z",
    "lastModifiedBy": "user@contoso.com",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-08-31T13:47:50.328Z"
  },
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
    "securityIssue": "Vulnerability"
  }
}

狀態碼:: 201

{
  "id": "/subscriptions/e5d1b86c-3051-44d5-8802-aa65d45a279b/providers/Microsoft.Security/customRecommendations/33e7cc6e-a139-4723-a0e5-76993aee0771",
  "name": "33e7cc6e-a139-4723-a0e5-76993aee0771",
  "type": "Microsoft.Security/customRecommendations",
  "systemData": {
    "createdBy": "user@contoso.com",
    "createdByType": "User",
    "createdAt": "2021-08-31T13:47:50.328Z",
    "lastModifiedBy": "user@contoso.com",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-08-31T13:47:50.328Z"
  },
  "properties": {
    "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
    "cloudProviders": [
      "AWS"
    ],
    "severity": "Medium",
    "displayName": "Password Policy",
    "description": "organization passwords policy",
    "remediationDescription": "Change password policy to...",
    "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
    "securityIssue": "Vulnerability"
  }
}

定義

名稱	Description
createdByType	建立資源的身分識別類型。
CustomRecommendation	自訂建議
ErrorAdditionalInfo	資源管理錯誤其他資訊。
ErrorDetail	錯誤詳細數據。
ErrorResponse	錯誤回應
RecommendationSupportedClouds	所有標準支援的雲端清單。
securityIssue	與此建議所產生的評量相關的嚴重性。
severityEnum	與此建議所產生的評量相關的嚴重性。
systemData	與建立和上次修改資源相關的元數據。

createdByType

建立資源的身分識別類型。

名稱	類型	Description
Application	string
Key	string
ManagedIdentity	string
User	string