Iot Security Solutions Analytics Recommendation - List

服務:

Defender for Cloud

API 版本:

2019-08-01

使用此方法可取得IoT安全性解決方案的匯總安全性分析建議清單。

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedRecommendations?api-version=2019-08-01

含選擇性參數:

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedRecommendations?api-version=2019-08-01&$top={$top}

URI 參數

名稱	位於	必要	類型	Description
resourceGroupName	path	True	string	用戶訂用帳戶內的資源組名。 名稱不區分大小寫。 Regex 模式: ^[-\w\._\(\)]+$
solutionName	path	True	string	IoT 安全性解決方案的名稱。
subscriptionId	path	True	string	Azure 訂用帳戶標識碼 Regex 模式: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version	query	True	string	作業的 API 版本
$top	query		integer int32	要擷取的結果數目。

回應

名稱	類型	Description
200 OK	IoTSecurityAggregatedRecommendationList	還行
Other Status Codes	CloudError	描述作業失敗原因的錯誤回應。

安全性

azure_auth

Azure Active Directory OAuth2 Flow

類型: oauth2
Flow: implicit
授權 URL: https://login.microsoftonline.com/common/oauth2/authorize

範圍

名稱	Description
user_impersonation	模擬您的用戶帳戶

範例

Get the list of aggregated security analytics recommendations of yours IoT Security solution

範例要求

HTTP

GET https://management.azure.com/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/iotSecuritySolutions/default/analyticsModels/default/aggregatedRecommendations?api-version=2019-08-01

Java

/**
 * Samples for IotSecuritySolutionsAnalyticsRecommendation List.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/
     * IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList.json
     */
    /**
     * Sample code: Get the list of aggregated security analytics recommendations of yours IoT Security solution.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getTheListOfAggregatedSecurityAnalyticsRecommendationsOfYoursIoTSecuritySolution(
        com.azure.resourcemanager.security.SecurityManager manager) {
        manager.iotSecuritySolutionsAnalyticsRecommendations().list("IoTEdgeResources", "default", null,
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList.json
func ExampleIotSecuritySolutionsAnalyticsRecommendationClient_NewListPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewIotSecuritySolutionsAnalyticsRecommendationClient().NewListPager("IoTEdgeResources", "default", &armsecurity.IotSecuritySolutionsAnalyticsRecommendationClientListOptions{Top: nil})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.IoTSecurityAggregatedRecommendationList = armsecurity.IoTSecurityAggregatedRecommendationList{
		// 	Value: []*armsecurity.IoTSecurityAggregatedRecommendation{
		// 		{
		// 			Name: to.Ptr("/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice"),
		// 			Type: to.Ptr("Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations"),
		// 			ID: to.Ptr("/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice"),
		// 			Properties: &armsecurity.IoTSecurityAggregatedRecommendationProperties{
		// 				Description: to.Ptr("An allowed firewall policy was found in main firewall Chains (INPUT/OUTPUT). The policy should Deny all traffic by default define rules to allow necessary communication to/from the device"),
		// 				DetectedBy: to.Ptr("Microsoft"),
		// 				HealthyDevices: to.Ptr[int64](10000),
		// 				LogAnalyticsQuery: to.Ptr("SecurityRecommendation | where tolower(AssessedResourceId) == tolower('/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Devices/IotHubs/t-ofdadu-hub') and tolower(RecommendationName) == tolower('OpenPortsOnDevice')"),
		// 				RecommendationDisplayName: to.Ptr("Permissive firewall policy in one of the chains was found"),
		// 				RecommendationName: to.Ptr("OpenPortsOnDevice"),
		// 				RecommendationTypeID: to.Ptr("{20ff7fc3-e762-44dd-bd96-b71116dcdc23}"),
		// 				RemediationSteps: to.Ptr(""),
		// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityLow),
		// 				UnhealthyDeviceCount: to.Ptr[int64](200),
		// 			},
		// 		},
		// 		{
		// 			Name: to.Ptr("/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_InstallAgent"),
		// 			Type: to.Ptr("Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations"),
		// 			ID: to.Ptr("/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/TooLargeIPRange"),
		// 			Properties: &armsecurity.IoTSecurityAggregatedRecommendationProperties{
		// 				Description: to.Ptr("An allow IP filter rule source IP range is too large. Overly permissive rules can expose your IoT hub to malicious actors."),
		// 				DetectedBy: to.Ptr("Microsoft"),
		// 				HealthyDevices: to.Ptr[int64](130000),
		// 				LogAnalyticsQuery: to.Ptr("SecurityRecommendation | where tolower(AssessedResourceId) == tolower('/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Devices/IotHubs/t-ofdadu-hub') and tolower(RecommendationName) == tolower('TooLargeIPRange')"),
		// 				RecommendationDisplayName: to.Ptr("Permissive firewall policy in one of the chains was found"),
		// 				RecommendationName: to.Ptr("TooLargeIPRange"),
		// 				RecommendationTypeID: to.Ptr("{20ff7fc3-e762-44dd-bd96-b71116dcdc23}"),
		// 				RemediationSteps: to.Ptr(""),
		// 				ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityHigh),
		// 				UnhealthyDeviceCount: to.Ptr[int64](1),
		// 			},
		// 	}},
		// }
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Use this method to get the list of aggregated security analytics recommendations of yours IoT Security solution.
 *
 * @summary Use this method to get the list of aggregated security analytics recommendations of yours IoT Security solution.
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList.json
 */
async function getTheListOfAggregatedSecurityAnalyticsRecommendationsOfYoursIoTSecuritySolution() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "075423e9-7d33-4166-8bdf-3920b04e3735";
  const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "IoTEdgeResources";
  const solutionName = "default";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.iotSecuritySolutionsAnalyticsRecommendation.list(
    resourceGroupName,
    solutionName,
  )) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendationList.json
// this example is just showing the usage of "IotSecuritySolutionsAnalyticsRecommendation_List" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this IotSecuritySolutionAnalyticsModelResource created on azure
// for more information of creating IotSecuritySolutionAnalyticsModelResource, please refer to the document of IotSecuritySolutionAnalyticsModelResource
string subscriptionId = "075423e9-7d33-4166-8bdf-3920b04e3735";
string resourceGroupName = "IoTEdgeResources";
string solutionName = "default";
ResourceIdentifier iotSecuritySolutionAnalyticsModelResourceId = IotSecuritySolutionAnalyticsModelResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, solutionName);
IotSecuritySolutionAnalyticsModelResource iotSecuritySolutionAnalyticsModel = client.GetIotSecuritySolutionAnalyticsModelResource(iotSecuritySolutionAnalyticsModelResourceId);

// get the collection of this IotSecurityAggregatedRecommendationResource
IotSecurityAggregatedRecommendationCollection collection = iotSecuritySolutionAnalyticsModel.GetIotSecurityAggregatedRecommendations();

// invoke the operation and iterate over the result
await foreach (IotSecurityAggregatedRecommendationResource item in collection.GetAllAsync())
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    IotSecurityAggregatedRecommendationData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

範例回覆

狀態碼:

200

{
  "value": [
    {
      "id": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice",
      "name": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice",
      "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations",
      "properties": {
        "recommendationName": "OpenPortsOnDevice",
        "recommendationDisplayName": "Permissive firewall policy in one of the chains was found",
        "description": "An allowed firewall policy was found in main firewall Chains (INPUT/OUTPUT). The policy should Deny all traffic by default define rules to allow necessary communication to/from the device",
        "recommendationTypeId": "{20ff7fc3-e762-44dd-bd96-b71116dcdc23}",
        "detectedBy": "Microsoft",
        "reportedSeverity": "Low",
        "remediationSteps": "",
        "healthyDevices": 10000,
        "unhealthyDeviceCount": 200,
        "logAnalyticsQuery": "SecurityRecommendation | where tolower(AssessedResourceId) == tolower('/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Devices/IotHubs/t-ofdadu-hub') and tolower(RecommendationName) == tolower('OpenPortsOnDevice')"
      }
    },
    {
      "id": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/TooLargeIPRange",
      "name": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/IoT_InstallAgent",
      "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations",
      "properties": {
        "recommendationName": "TooLargeIPRange",
        "recommendationDisplayName": "Permissive firewall policy in one of the chains was found",
        "description": "An allow IP filter rule source IP range is too large. Overly permissive rules can expose your IoT hub to malicious actors.",
        "recommendationTypeId": "{20ff7fc3-e762-44dd-bd96-b71116dcdc23}",
        "detectedBy": "Microsoft",
        "reportedSeverity": "High",
        "remediationSteps": "",
        "healthyDevices": 130000,
        "unhealthyDeviceCount": 1,
        "logAnalyticsQuery": "SecurityRecommendation | where tolower(AssessedResourceId) == tolower('/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Devices/IotHubs/t-ofdadu-hub') and tolower(RecommendationName) == tolower('TooLargeIPRange')"
      }
    }
  ]
}

定義

名稱	Description
CloudError	所有 Azure Resource Manager API 的常見錯誤回應，以傳回失敗作業的錯誤詳細數據。 （這也遵循 OData 錯誤回應格式。）。
CloudErrorBody	錯誤詳細數據。
ErrorAdditionalInfo	資源管理錯誤其他資訊。
IoTSecurityAggregatedRecommendation	IoT 安全性解決方案建議資訊。
IoTSecurityAggregatedRecommendationList	IoT 安全性解決方案匯總建議的清單。
reportedSeverity	評估的警示嚴重性。

CloudError

所有 Azure Resource Manager API 的常見錯誤回應，以傳回失敗作業的錯誤詳細數據。 （這也遵循 OData 錯誤回應格式。）。

名稱	類型	Description
error.additionalInfo	ErrorAdditionalInfo[]	錯誤其他資訊。
error.code	string	錯誤碼。
error.details	CloudErrorBody[]	錯誤詳細數據。
error.message	string	錯誤訊息。
error.target	string	錯誤目標。

CloudErrorBody

錯誤詳細數據。

名稱	類型	Description
additionalInfo	ErrorAdditionalInfo[]	錯誤其他資訊。
code	string	錯誤碼。
details	CloudErrorBody[]	錯誤詳細數據。
message	string	錯誤訊息。
target	string	錯誤目標。

ErrorAdditionalInfo

資源管理錯誤其他資訊。

名稱	類型	Description
info	object	其他資訊。
type	string	其他信息類型。

IoTSecurityAggregatedRecommendation

IoT 安全性解決方案建議資訊。

名稱	類型	Description
id	string	資源標識碼
name	string	資源名稱
properties.description	string	可疑弱點和意義的描述。
properties.detectedBy	string	提出建議的組織名稱。
properties.healthyDevices	integer	IoT 安全性解決方案內狀況良好的裝置數目。
properties.logAnalyticsQuery	string	用於取得受影響裝置/警示清單的記錄分析查詢。
properties.recommendationDisplayName	string	建議類型的顯示名稱。
properties.recommendationName	string	建議的名稱。
properties.recommendationTypeId	string	建議類型 GUID。
properties.remediationSteps	string	補救的建議步驟
properties.reportedSeverity	reportedSeverity	評估的建議嚴重性。
properties.unhealthyDeviceCount	integer	IoT 安全性解決方案內狀況不良的裝置數目。
tags	object	資源標籤
type	string	資源類型

IoTSecurityAggregatedRecommendationList

IoT 安全性解決方案匯總建議的清單。

名稱	類型	Description
nextLink	string	當某個頁面有太多警示數據時，請使用此 URI 來擷取下一頁。
value	IoTSecurityAggregatedRecommendation[]	匯總的建議數據清單。

reportedSeverity

評估的警示嚴重性。

名稱	類型	Description
High	string
Informational	string
Low	string
Medium	string