Governance Rules - Create Or Update

Creates or updates a governance rule over a given scope

PUT https://management.azure.com/{scope}/providers/Microsoft.Security/governanceRules/{ruleId}?api-version=2022-01-01-preview

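URI Parameters

| Name | In | Required | Type | Description |
| --- | --- | --- | --- | --- |
| ruleId | path | True | string | The governance rule key - unique key for the standard governance rule (GUID) |
| scope | path | True | string | The scope of the governance rules. Valid scopes are: management group (format: 'providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: 'subscriptions/{subscriptionId}'), or security connector (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}') |
| api-version | query | True | string | API version for the operation |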

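Request Body

| Name | Required | Type | Description |
| --- | --- | --- | --- |
| properties.conditionSets | True | Condition[] | The governance rule condition sets - see examples |
| properties.displayName | True | string | Display name of the governance rule |
| properties.ownerSource | True | GovernanceRuleOwnerSource | The owner source for the governance rule - e.g. Manually by user@contoso.com - see examples |
| properties.rulePriority | True | integer | The governance rule priority; the lower number takes priority. Rules with the same priority on the same scope are not allowed |
| properties.ruleType | True | GovernanceRuleType | The rule type of the governance rule, defines the source of the rule, e.g. Integrated |
| properties.sourceResourceType | True | GovernanceRuleSourceResourceType | The governance rule source, what the rule affects, e.g. Assessments |
| properties.description | | string | Description of the governance rule |
| properties.excludedScopes | | string[] | Excluded scopes, filters out the descendants of the scope (on management scopes) |
| properties.governanceEmailNotification | | GovernanceRuleEmailNotification | The email notification settings for the governance rule, states whether to disable notifications for managers and owners |
| properties.includeMemberScopes | | boolean | Defines whether the rule is a management scope rule (master connector as a single scope or management scope) |
| properties.isDisabled | | boolean | Defines whether the rule is active/inactive |
| properties.isGracePeriod | | boolean | Defines whether there is a grace period on the governance rule |
| properties.metadata | | GovernanceRuleMetadata | The governance rule metadata |
| properties.remediationTimeframe | | string | Governance rule remediation timeframe - this is the time that affects the grace-period duration, e.g. 7.00:00:00 means 7 days |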

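Responses

| Name | Type | Description |
| --- | --- | --- |
| 200 OK | GovernanceRule | OK - Updated |
| 201 Created | GovernanceRule | Created |
| Other Status Codes | CloudError | Error response describing why the operation failed |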

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

| Name | Description |
| --- | --- |
| user_impersonation | impersonate your user account |

Examples

Create or update governance rule over management group scope
Create or update governance rule over security connector scope
Create or update governance rule over subscription scope

Create or update governance rule over management group scope

Sample request

PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview

{
  "properties": {
    "displayName": "Management group rule",
    "description": "A rule for a management group",
    "remediationTimeframe": "7.00:00:00",
    "isGracePeriod": true,
    "rulePriority": 200,
    "isDisabled": false,
    "ruleType": "Integrated",
    "sourceResourceType": "Assessments",
    "conditionSets": [
      {
        "conditions": [
          {
            "property": "$.AssessmentKey",
            "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
            "operator": "In"
          }
        ]
      }
    ],
    "ownerSource": {
      "type": "Manually",
      "value": "user@contoso.com"
    },
    "governanceEmailNotification": {
      "disableManagerEmailNotification": true,
      "disableOwnerEmailNotification": false
    },
    "excludedScopes": [
      "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
    ]
  }
}

Sample response

{
  "id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
  "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
  "type": "Microsoft.Security/governanceRules",
  "properties": {
    "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
    "displayName": "Management group rule",
    "description": "A rule for a management group",
    "remediationTimeframe": "7.00:00:00",
    "isGracePeriod": true,
    "rulePriority": 200,
    "isDisabled": false,
    "ruleType": "Integrated",
    "sourceResourceType": "Assessments",
    "conditionSets": [
      {
        "conditions": [
          {
            "property": "$.AssessmentKey",
            "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
            "operator": "In"
          }
        ]
      }
    ],
    "ownerSource": {
      "type": "Manually",
      "value": "user@contoso.com"
    },
    "governanceEmailNotification": {
      "disableManagerEmailNotification": true,
      "disableOwnerEmailNotification": false
    },
    "excludedScopes": [
      "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
    ],
    "includeMemberScopes": false,
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "updatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}

Create or update governance rule over security connector scope

Sample request

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview

{
  "properties": {
    "displayName": "GCP Admin's rule",
    "description": "A rule on critical GCP recommendations",
    "remediationTimeframe": "7.00:00:00",
    "isGracePeriod": true,
    "rulePriority": 200,
    "isDisabled": false,
    "ruleType": "Integrated",
    "sourceResourceType": "Assessments",
    "conditionSets": [
      {
        "conditions": [
          {
            "property": "$.AssessmentKey",
            "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
            "operator": "In"
          }
        ]
      }
    ],
    "ownerSource": {
      "type": "Manually",
      "value": "user@contoso.com"
    },
    "governanceEmailNotification": {
      "disableManagerEmailNotification": true,
      "disableOwnerEmailNotification": false
    }
  }
}

Sample response

{
  "id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
  "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
  "type": "Microsoft.Security/governanceRules",
  "properties": {
    "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
    "displayName": "GCP Admin's rule",
    "description": "A rule on critical GCP recommendations",
    "remediationTimeframe": "7.00:00:00",
    "isGracePeriod": true,
    "rulePriority": 200,
    "isDisabled": false,
    "ruleType": "Integrated",
    "sourceResourceType": "Assessments",
    "conditionSets": [
      {
        "conditions": [
          {
            "property": "$.AssessmentKey",
            "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
            "operator": "In"
          }
        ]
      }
    ],
    "ownerSource": {
      "type": "Manually",
      "value": "user@contoso.com"
    },
    "governanceEmailNotification": {
      "disableManagerEmailNotification": true,
      "disableOwnerEmailNotification": false
    },
    "excludedScopes": [],
    "includeMemberScopes": false,
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "updatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}
{
  "id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
  "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
  "type": "Microsoft.Security/governanceRules",
  "properties": {
    "displayName": "GCP Admin's rule",
    "description": "A rule on critical GCP recommendations",
    "remediationTimeframe": "7.00:00:00",
    "isGracePeriod": true,
    "rulePriority": 200,
    "isDisabled": false,
    "ruleType": "Integrated",
    "sourceResourceType": "Assessments",
    "conditionSets": [
      {
        "conditions": [
          {
            "property": "$.AssessmentKey",
            "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
            "operator": "In"
          }
        ]
      }
    ],
    "ownerSource": {
      "type": "Manually",
      "value": "user@contoso.com"
    },
    "governanceEmailNotification": {
      "disableManagerEmailNotification": true,
      "disableOwnerEmailNotification": false
    },
    "excludedScopes": [],
    "includeMemberScopes": false,
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "updatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}

Create or update governance rule over subscription scope

Sample request

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8?api-version=2022-01-01-preview

{
  "properties": {
    "displayName": "Admin's rule",
    "description": "A rule for critical recommendations",
    "remediationTimeframe": "7.00:00:00",
    "isGracePeriod": true,
    "rulePriority": 200,
    "isDisabled": false,
    "ruleType": "Integrated",
    "sourceResourceType": "Assessments",
    "conditionSets": [
      {
        "conditions": [
          {
            "property": "$.AssessmentKey",
            "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
            "operator": "In"
          }
        ]
      }
    ],
    "ownerSource": {
      "type": "Manually",
      "value": "user@contoso.com"
    },
    "governanceEmailNotification": {
      "disableManagerEmailNotification": false,
      "disableOwnerEmailNotification": false
    }
  }
}

Sample response

{
  "id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
  "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8",
  "type": "Microsoft.Security/governanceRules",
  "properties": {
    "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23",
    "displayName": "Admin's rule",
    "description": "A rule for critical recommendations",
    "remediationTimeframe": "7.00:00:00",
    "isGracePeriod": true,
    "rulePriority": 200,
    "isDisabled": false,
    "ruleType": "Integrated",
    "sourceResourceType": "Assessments",
    "conditionSets": [
      {
        "conditions": [
          {
            "property": "$.AssessmentKey",
            "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]",
            "operator": "In"
          }
        ]
      }
    ],
    "ownerSource": {
      "type": "Manually",
      "value": "user@contoso.com"
    },
    "governanceEmailNotification": {
      "disableManagerEmailNotification": false,
      "disableOwnerEmailNotification": false
    },
    "excludedScopes": [],
    "includeMemberScopes": false,
    "metadata": {
      "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "createdOn": "2022-11-10T08:31:26.7993124Z",
      "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936",
      "updatedOn": "2022-11-10T08:31:26.7993124Z"
    }
  }
}
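
A pre-flight check for the request described on this page, as an added example (not code from Microsoft's documentation or SDK): it lints a governance rule body and scope against the required properties, enum values and scope formats listed in the tables before the PUT is sent. `lint_rule`, `used_priorities` (priorities already taken on the scope, supplied by the caller) and the d.hh:mm:ss pattern are assumptions of this example; the `In` check follows the page's samples, where the value is a JSON array encoded as a string.

```python
import json
import re

# Allowed values and scope formats, copied from the tables on this page.
REQUIRED = ("conditionSets", "displayName", "ownerSource",
            "rulePriority", "ruleType", "sourceResourceType")
OPERATORS = {"Equals", "In"}
RULE_TYPES = {"Integrated", "ServiceNow"}
OWNER_TYPES = {"ByTag", "Manually"}
SCOPES = (
    r"providers/Microsoft\.Management/managementGroups/[^/]+",
    r"subscriptions/[^/]+",
    r"subscriptions/[^/]+/resourceGroups/[^/]+/providers/"
    r"Microsoft\.Security/securityConnectors/[^/]+",
)
# Assumption: d.hh:mm:ss, generalised from the page's one example, 7.00:00:00.
TIMEFRAME = re.compile(r"\d+\.\d{2}:\d{2}:\d{2}")
# Constructed input: ownerSource and sourceResourceType missing, In value a raw list.
BAD = {"properties": {"displayName": "x", "ruleType": "Integrated", "rulePriority": 200,
       "conditionSets": [{"conditions": [
           {"property": "$.AssessmentKey", "operator": "In", "value": ["k1"]}]}]}}

def is_string_list(value):
    """True when value is a string that holds a JSON array of strings."""
    try:
        parsed = json.loads(value)
    except (TypeError, ValueError):
        return False
    return isinstance(parsed, list) and all(isinstance(v, str) for v in parsed)

def lint_rule(scope, body, used_priorities=()):
    """Return the problems found in a governance rule PUT request."""
    props = body.get("properties", {})
    problems = [f"{name}: required" for name in REQUIRED if name not in props]
    if not any(re.fullmatch(p, scope.strip("/")) for p in SCOPES):
        problems.append("scope: not one of the three valid formats")
    if props.get("ruleType", "Integrated") not in RULE_TYPES:
        problems.append("ruleType: unknown value")
    if props.get("sourceResourceType", "Assessments") != "Assessments":
        problems.append("sourceResourceType: unknown value")
    if "ownerSource" in props and props["ownerSource"].get("type") not in OWNER_TYPES:
        problems.append("ownerSource.type: unknown value")
    if props.get("rulePriority") in used_priorities:
        problems.append("rulePriority: already used on this scope")
    timeframe = props.get("remediationTimeframe")
    if timeframe is not None and not TIMEFRAME.fullmatch(timeframe):
        problems.append("remediationTimeframe: expected d.hh:mm:ss")
    for condition_set in props.get("conditionSets", []):
        for cond in condition_set.get("conditions", []):
            if cond.get("operator") not in OPERATORS:
                problems.append("condition.operator: unknown value")
            elif cond["operator"] == "In" and not is_string_list(cond.get("value")):
                problems.append("condition.value: In expects a JSON array in a string")
    return problems
```

Calling `lint_rule` with one of the sample requests above returns an empty list; with `BAD` and `used_priorities={200}` it reports the two missing properties, the priority clash and the malformed `In` value.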

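Definitions

| Name | Description |
| --- | --- |
| CloudError | Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.) |
| CloudErrorBody | The error detail. |
| Condition | Governance rule's condition |
| ErrorAdditionalInfo | The resource management error additional info. |
| GovernanceRule | Governance rule over a given scope |
| GovernanceRuleConditionOperator | The governance rule condition's operator, for example Equals for severity or In for a list of assessments, see examples |
| GovernanceRuleEmailNotification | The governance email weekly notification configuration |
| GovernanceRuleMetadata | The governance rule metadata |
| GovernanceRuleOwnerSource | Describes the owner source of the governance rule |
| GovernanceRuleOwnerSourceType | The owner type for the governance rule owner source |
| GovernanceRuleSourceResourceType | The governance rule source, what the rule affects, e.g. Assessments |
| GovernanceRuleType | The rule type of the governance rule, defines the source of the rule, e.g. Integrated |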

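CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

| Name | Type | Description |
| --- | --- | --- |
| error.additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| error.code | string | The error code. |
| error.details | CloudErrorBody[] | The error details. |
| error.message | string | The error message. |
| error.target | string | The error target. |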

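CloudErrorBody

The error detail.

| Name | Type | Description |
| --- | --- | --- |
| additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| code | string | The error code. |
| details | CloudErrorBody[] | The error details. |
| message | string | The error message. |
| target | string | The error target. |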

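Condition

Governance rule's condition

| Name | Type | Description |
| --- | --- | --- |
| operator | GovernanceRuleConditionOperator | The governance rule condition's operator, for example Equals for severity or In for a list of assessments, see examples |
| property | string | The governance rule condition's property, e.g. Severity or AssessmentKey, see examples |
| value | string | The governance rule condition's value, such as severity Low, High or assessment keys, see examples |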

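ErrorAdditionalInfo

The resource management error additional info.

| Name | Type | Description |
| --- | --- | --- |
| info | object | The additional info. |
| type | string | The additional info type. |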

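GovernanceRule

Governance rule over a given scope

| Name | Type | Description |
| --- | --- | --- |
| id | string | Resource Id |
| name | string | Resource name |
| properties.conditionSets | Condition[] | The governance rule condition sets - see examples |
| properties.description | string | Description of the governance rule |
| properties.displayName | string | Display name of the governance rule |
| properties.excludedScopes | string[] | Excluded scopes, filters out the descendants of the scope (on management scopes) |
| properties.governanceEmailNotification | GovernanceRuleEmailNotification | The email notification settings for the governance rule, states whether to disable notifications for managers and owners |
| properties.includeMemberScopes | boolean | Defines whether the rule is a management scope rule (master connector as a single scope or management scope) |
| properties.isDisabled | boolean | Defines whether the rule is active/inactive |
| properties.isGracePeriod | boolean | Defines whether there is a grace period on the governance rule |
| properties.metadata | GovernanceRuleMetadata | The governance rule metadata |
| properties.ownerSource | GovernanceRuleOwnerSource | The owner source for the governance rule - e.g. Manually by user@contoso.com - see examples |
| properties.remediationTimeframe | string | Governance rule remediation timeframe - this is the time that affects the grace-period duration, e.g. 7.00:00:00 means 7 days |
| properties.rulePriority | integer | The governance rule priority; the lower number takes priority. Rules with the same priority on the same scope are not allowed |
| properties.ruleType | GovernanceRuleType | The rule type of the governance rule, defines the source of the rule, e.g. Integrated |
| properties.sourceResourceType | GovernanceRuleSourceResourceType | The governance rule source, what the rule affects, e.g. Assessments |
| properties.tenantId | string | The tenantId (GUID) |
| type | string | Resource type |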

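GovernanceRuleConditionOperator

The governance rule condition's operator, for example Equals for severity or In for a list of assessments, see examples

| Name | Type | Description |
| --- | --- | --- |
| Equals | string | Checks that the string value of the data defined in Property equals the given value - exact fit |
| In | string | Checks that the string value of the data defined in Property equals any of the given values (exact fit) |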

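GovernanceRuleEmailNotification

The governance email weekly notification configuration

| Name | Type | Description |
| --- | --- | --- |
| disableManagerEmailNotification | boolean | Defines whether manager email notifications are disabled |
| disableOwnerEmailNotification | boolean | Defines whether owner email notifications are disabled |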

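GovernanceRuleMetadata

The governance rule metadata

| Name | Type | Description |
| --- | --- | --- |
| createdBy | string | Governance rule created by object id (GUID) |
| createdOn | string | Governance rule creation date |
| updatedBy | string | Governance rule last updated by object id (GUID) |
| updatedOn | string | Governance rule last update date |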

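GovernanceRuleOwnerSource

Describes the owner source of the governance rule

| Name | Type | Description |
| --- | --- | --- |
| type | GovernanceRuleOwnerSourceType | The owner type for the governance rule owner source |
| value | string | The source value, e.g. a tag key such as owner name or email address |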

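GovernanceRuleOwnerSourceType

The owner type for the governance rule owner source

| Name | Type | Description |
| --- | --- | --- |
| ByTag | string | The rule source type defined using a resource tag |
| Manually | string | The rule source type defined manually |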

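GovernanceRuleSourceResourceType

The governance rule source, what the rule affects, e.g. Assessments

| Name | Type | Description |
| --- | --- | --- |
| Assessments | string | The source of the governance rule is assessments |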

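GovernanceRuleType

The rule type of the governance rule, defines the source of the rule, e.g. Integrated

| Name | Type | Description |
| --- | --- | --- |
| Integrated | string | The source of the rule type definition is integrated |
| ServiceNow | string | The source of the rule type definition is ServiceNow |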