Custom Recommendations - List

服務:

Defender for Cloud

API 版本:

2024-08-01

取得範圍中所有相關自定義建議的清單

GET https://management.azure.com/{scope}/providers/Microsoft.Security/customRecommendations?api-version=2024-08-01

URI 參數

名稱	位於	必要	類型	Description
scope	path	True	string	自訂建議的範圍。 有效範圍包括：管理群組（格式：'providers/Microsoft.Management/managementGroups/{managementGroup}'）、訂用帳戶（格式：'subscriptions/{subscriptionId}'），或安全性連接器（格式：'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}）'
api-version	query	True	string	要用於這項作業的 API 版本。

回應

名稱	類型	Description
200 OK	CustomRecommendationsList	還行
Other Status Codes	ErrorResponse	描述作業失敗原因的錯誤回應

安全性

azure_auth

Azure Active Directory OAuth2 Flow

類型: oauth2
Flow: implicit
授權 URL: https://login.microsoftonline.com/common/oauth2/authorize

範圍

名稱	Description
user_impersonation	模擬您的用戶帳戶

範例

List custom recommendations by management group scope

List custom recommendations by security connector scope

List custom recommendations by subscription scope

List custom recommendations by management group scope

範例要求

HTTP

GET https://management.azure.com/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/customRecommendations?api-version=2024-08-01

Java

/**
 * Samples for CustomRecommendations List.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2024-08-01/examples/CustomRecommendations/
     * ListByManagementGroupCustomRecommendations_example.json
     */
    /**
     * Sample code: List custom recommendations by management group scope.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void
        listCustomRecommendationsByManagementGroupScope(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.customRecommendations().list("providers/Microsoft.Management/managementGroups/contoso",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:

200

{
  "value": [
    {
      "id": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/customRecommendations/MycustomRecommendation1",
      "name": "MycustomRecommendation1",
      "type": "Microsoft.Security/customRecommendations",
      "systemData": {
        "createdBy": "user@contoso.com",
        "createdByType": "User",
        "createdAt": "2021-08-31T13:47:50.328Z",
        "lastModifiedBy": "user@contoso.com",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2021-08-31T13:47:50.328Z"
      },
      "properties": {
        "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
        "cloudProviders": [
          "AWS"
        ],
        "severity": "Medium",
        "displayName": "Password Policy",
        "description": "organization passwords policy",
        "remediationDescription": "Change password policy to...",
        "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
        "securityIssue": "Vulnerability"
      }
    },
    {
      "id": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/customRecommendations/MycustomRecommendation2",
      "name": "MycustomRecommendation2",
      "type": "Microsoft.Security/customRecommendations",
      "systemData": {
        "createdBy": "user@contoso.com",
        "createdByType": "User",
        "createdAt": "2021-08-31T13:47:50.328Z",
        "lastModifiedBy": "user@contoso.com",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2021-08-31T13:47:50.328Z"
      },
      "properties": {
        "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
        "cloudProviders": [
          "AWS"
        ],
        "severity": "Medium",
        "displayName": "Password Policy",
        "description": "organization passwords policy",
        "remediationDescription": "Change password policy to...",
        "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
        "securityIssue": "Vulnerability"
      }
    }
  ]
}

List custom recommendations by security connector scope

範例要求

HTTP

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/customRecommendations?api-version=2024-08-01

Java

/**
 * Samples for CustomRecommendations List.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2024-08-01/examples/CustomRecommendations/
     * ListBySecurityConnectorCustomRecommendations_example.json
     */
    /**
     * Sample code: List custom recommendations by security connector scope.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void
        listCustomRecommendationsBySecurityConnectorScope(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.customRecommendations().list(
            "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:

200

{
  "value": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/customRecommendations/MycustomRecommendation1",
      "name": "MycustomRecommendation1",
      "type": "Microsoft.Security/customRecommendations",
      "systemData": {
        "createdBy": "user@contoso.com",
        "createdByType": "User",
        "createdAt": "2021-08-31T13:47:50.328Z",
        "lastModifiedBy": "user@contoso.com",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2021-08-31T13:47:50.328Z"
      },
      "properties": {
        "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
        "cloudProviders": [
          "AWS"
        ],
        "severity": "Medium",
        "displayName": "Password Policy",
        "description": "organization passwords policy",
        "remediationDescription": "Change password policy to...",
        "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
        "securityIssue": "Vulnerability"
      }
    },
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/customRecommendations/MycustomRecommendation2",
      "name": "MycustomRecommendation2",
      "type": "Microsoft.Security/customRecommendations",
      "systemData": {
        "createdBy": "user@contoso.com",
        "createdByType": "User",
        "createdAt": "2021-08-31T13:47:50.328Z",
        "lastModifiedBy": "user@contoso.com",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2021-08-31T13:47:50.328Z"
      },
      "properties": {
        "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
        "cloudProviders": [
          "AWS"
        ],
        "severity": "Medium",
        "displayName": "Password Policy",
        "description": "organization passwords policy",
        "remediationDescription": "Change password policy to...",
        "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
        "securityIssue": "Vulnerability"
      }
    }
  ]
}

List custom recommendations by subscription scope

範例要求

HTTP

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/customRecommendations?api-version=2024-08-01

Java

/**
 * Samples for CustomRecommendations List.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2024-08-01/examples/CustomRecommendations/
     * ListBySubscriptionCustomRecommendations_example.json
     */
    /**
     * Sample code: List custom recommendations by subscription scope.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void
        listCustomRecommendationsBySubscriptionScope(com.azure.resourcemanager.security.SecurityManager manager) {
        manager.customRecommendations().list("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:

200

{
  "value": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/customRecommendations/MycustomRecommendation1",
      "name": "MycustomRecommendation1",
      "type": "Microsoft.Security/customRecommendations",
      "systemData": {
        "createdBy": "user@contoso.com",
        "createdByType": "User",
        "createdAt": "2021-08-31T13:47:50.328Z",
        "lastModifiedBy": "user@contoso.com",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2021-08-31T13:47:50.328Z"
      },
      "properties": {
        "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
        "cloudProviders": [
          "AWS"
        ],
        "severity": "Medium",
        "displayName": "Password Policy",
        "description": "organization passwords policy",
        "remediationDescription": "Change password policy to...",
        "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
        "securityIssue": "Vulnerability"
      }
    },
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/customRecommendations/MycustomRecommendation2",
      "name": "MycustomRecommendation2",
      "type": "Microsoft.Security/customRecommendations",
      "systemData": {
        "createdBy": "user@contoso.com",
        "createdByType": "User",
        "createdAt": "2021-08-31T13:47:50.328Z",
        "lastModifiedBy": "user@contoso.com",
        "lastModifiedByType": "User",
        "lastModifiedAt": "2021-08-31T13:47:50.328Z"
      },
      "properties": {
        "query": "RawEntityMetadata | where Environment == 'GCP' and Identifiers.Type == 'compute.firewalls' | extend IslogConfigEnabled = tobool(Record.logConfig.enable) | extend HealthStatus = iff(IslogConfigEnabled, 'HEALTHY', 'UNHEALTHY')",
        "cloudProviders": [
          "AWS"
        ],
        "severity": "Medium",
        "displayName": "Password Policy",
        "description": "organization passwords policy",
        "remediationDescription": "Change password policy to...",
        "assessmentKey": "d5f442f7-7e77-4bcf-a450-a9c1b9a94eeb",
        "securityIssue": "Vulnerability"
      }
    }
  ]
}

定義

名稱	Description
createdByType	建立資源的身分識別類型。
CustomRecommendation	自訂建議
CustomRecommendationsList	自訂建議的清單
ErrorAdditionalInfo	資源管理錯誤其他資訊。
ErrorDetail	錯誤詳細數據。
ErrorResponse	錯誤回應
RecommendationSupportedClouds	所有標準支援的雲端清單。
securityIssue	與此建議所產生的評量相關的嚴重性。
severityEnum	與此建議所產生的評量相關的嚴重性。
systemData	與建立和上次修改資源相關的元數據。

createdByType

建立資源的身分識別類型。

名稱	類型	Description
Application	string
Key	string
ManagedIdentity	string
User	string

CustomRecommendation

自訂建議

名稱	類型	Description
id	string	資源標識碼
name	string	資源名稱
properties.assessmentKey	string	針對此建議產生評量時所使用的評定元數據索引鍵。
properties.cloudProviders	RecommendationSupportedClouds[]	所有標準支援的雲端清單。
properties.description	string	與此建議所產生的評量相關的描述。
properties.displayName	string	此建議所產生的評量顯示名稱。
properties.query	string	KQL 查詢，代表所需的建議結果。
properties.remediationDescription	string	與此建議所產生的評量相關的補救描述。
properties.securityIssue	securityIssue	與此建議所產生的評量相關的嚴重性。
properties.severity	severityEnum	與此建議所產生的評量相關的嚴重性。
systemData	systemData	包含 createdBy 和 modifiedBy 資訊的 Azure Resource Manager 元數據。
type	string	資源類型

CustomRecommendationsList

自訂建議的清單

名稱	類型	Description
nextLink	string	用來取得下一頁作業的連結。
value	CustomRecommendation[]	自訂建議的集合

ErrorAdditionalInfo

資源管理錯誤其他資訊。

名稱	類型	Description
info	object	其他資訊。
type	string	其他信息類型。

ErrorDetail

錯誤詳細數據。

名稱	類型	Description
additionalInfo	ErrorAdditionalInfo[]	錯誤其他資訊。
code	string	錯誤碼。
details	ErrorDetail[]	錯誤詳細數據。
message	string	錯誤訊息。
target	string	錯誤目標。

ErrorResponse

錯誤回應

名稱	類型	Description
error	ErrorDetail	error 物件。

RecommendationSupportedClouds

所有標準支援的雲端清單。

名稱	類型	Description
AWS	string
Azure	string
GCP	string

securityIssue

與此建議所產生的評量相關的嚴重性。

名稱	類型	Description
AnonymousAccess	string
BestPractices	string
ExcessivePermissions	string
NetworkExposure	string
TrafficEncryption	string
Vulnerability	string

severityEnum

與此建議所產生的評量相關的嚴重性。

名稱	類型	Description
High	string
Low	string
Medium	string

systemData

與建立和上次修改資源相關的元數據。

名稱	類型	Description
createdAt	string	資源建立的時間戳（UTC）。
createdBy	string	建立資源的身分識別。
createdByType	createdByType	建立資源的身分識別類型。
lastModifiedAt	string	上次修改的資源時間戳 （UTC）
lastModifiedBy	string	上次修改資源的身分識別。
lastModifiedByType	createdByType	上次修改資源的身分識別類型。