Security Center
API spec for Microsoft.Security (Azure Security Center) resource provider
{
"swagger": "2.0",
"schemes": [
"https"
],
"host": "management.azure.com",
"info": {
"description": "API spec for Microsoft.Security (Azure Security Center) resource provider",
"title": "Security Center",
"version": "2015-06-01-preview",
"x-apisguru-categories": [
"cloud"
],
"x-logo": {
"url": "https://api.apis.guru/v2/cache/logo/https_assets.onestore.ms_cdnfiles_onestorerolling-1606-01000_shell_v3_images_logo_microsoft.png"
},
"x-origin": [
{
"format": "swagger",
"url": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/specification/security/resource-manager/Microsoft.Security/preview/2015-06-01-preview/applicationWhitelistings.json",
"version": "2.0"
}
],
"x-providerName": "azure.com",
"x-serviceName": "security-applicationWhitelistings",
"x-tags": [
"Azure",
"Microsoft"
]
},
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"securityDefinitions": {
"azure_auth": {
"authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
"description": "Azure Active Directory OAuth2 Flow",
"flow": "implicit",
"scopes": {
"user_impersonation": "impersonate your user account"
},
"type": "oauth2"
}
},
"security": [
{
"azure_auth": [
"user_impersonation"
]
}
],
"parameters": {
"AppWhitelistingGroupDataPutDataBody": {
"description": "The updated VM/server group data",
"in": "body",
"name": "body",
"required": true,
"schema": {
"$ref": "#/definitions/AppWhitelistingPutGroupData"
},
"x-ms-parameter-location": "method"
},
"GroupName": {
"description": "Name of an application control VM/server group",
"in": "path",
"name": "groupName",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
"IncludePathRecommendations": {
"description": "Include the policy rules",
"enum": [
false,
true
],
"in": "query",
"name": "includePathRecommendations",
"required": false,
"type": "boolean",
"x-ms-parameter-location": "method"
},
"Summary": {
"description": "Return output in a summarized form",
"enum": [
false,
true
],
"in": "query",
"name": "summary",
"required": false,
"type": "boolean",
"x-ms-parameter-location": "method"
}
},
"paths": {
"/subscriptions/{subscriptionId}/providers/Microsoft.Security/applicationWhitelistings": {
"get": {
"description": "Gets a list of application control VM/server groups for the subscription.",
"operationId": "AdaptiveApplicationControls_List",
"parameters": [
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"$ref": "#/parameters/IncludePathRecommendations"
},
{
"$ref": "#/parameters/Summary"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/AppWhitelistingGroups"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"applicationWhitelistings"
],
"x-ms-examples": {
"Gets a list of application control VM/server groups for the subscription": {
"parameters": {
"api-version": "2015-06-01-preview",
"includePathRecommendations": true,
"subscriptionId": "3eeab341-f466-499c-a8be-85427e154baf",
"summary": false
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/AMIT-VA",
"location": "centralus",
"name": "AMIT-VA",
"properties": {
"configurationStatus": "Configured",
"enforcementMode": "Audit",
"issues": [],
"pathRecommendations": [
{
"action": "Remove",
"common": true,
"configurationStatus": "NoStatus",
"fileType": "Exe",
"path": "C:\\Windows\\SoftwareDistribution\\Download\\Install\\Windows-KB890830-x64-V5.53-delta.exe",
"type": "File",
"userSids": [
"S-1-5-18"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "LOCAL SYSTEM"
}
]
},
{
"action": "Remove",
"common": true,
"configurationStatus": "NoStatus",
"fileType": "Exe",
"path": "C:\\WindowsAzure\\GuestAgent_2.7.1198.822\\CollectGuestLogs.exe",
"type": "File",
"userSids": [
"S-1-5-18"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "LOCAL SYSTEM"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
"publisherInfo": {
"binaryName": "*",
"productName": "*",
"publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
"version": "0.0.0.0"
},
"type": "PublisherSignature",
"userSids": [
"S-1-5-18",
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "Everyone"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "Everyone"
}
]
}
],
"protectionMode": {
"exe": "Audit",
"msi": "Audit",
"script": "None"
},
"recommendationStatus": "Recommended",
"sourceSystem": "Azure_AppLocker",
"vmRecommendations": [
{
"configurationStatus": "Configured",
"recommendationAction": "Recommended",
"resourceId": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourcegroups/erelh-dsc/providers/microsoft.compute/virtualmachines/erelh-14011"
},
{
"configurationStatus": "Configured",
"recommendationAction": "Recommended",
"resourceId": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourcegroups/amit-va/providers/microsoft.compute/virtualmachines/ream-test"
},
{
"configurationStatus": "Configured",
"recommendationAction": "Recommended",
"resourceId": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourcegroups/v-arrikl-scheduledapps/providers/microsoft.compute/virtualmachines/v-arrikl-14060"
}
]
},
"type": "Microsoft.Security/applicationWhitelistings"
},
{
"id": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1",
"location": "centralus",
"name": "ERELGROUP1",
"properties": {
"configurationStatus": "Configured",
"enforcementMode": "Audit",
"issues": [],
"pathRecommendations": [
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
"publisherInfo": {
"binaryName": "*",
"productName": "*",
"publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
"version": "0.0.0.0"
},
"type": "PublisherSignature",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "Everyone"
}
]
}
],
"protectionMode": {
"exe": "Audit",
"msi": "None",
"script": "None"
},
"recommendationStatus": "Recommended",
"sourceSystem": "Azure_AppLocker",
"vmRecommendations": [
{
"configurationStatus": "Configured",
"recommendationAction": "Recommended",
"resourceId": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"
}
]
},
"type": "Microsoft.Security/applicationWhitelistings"
},
{
"id": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/GROUP1",
"location": "centralus",
"name": "GROUP1",
"properties": {
"configurationStatus": "Configured",
"enforcementMode": "Audit",
"issues": [],
"pathRecommendations": [
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
"publisherInfo": {
"binaryName": "*",
"productName": "*",
"publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
"version": "0.0.0.0"
},
"type": "PublisherSignature",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "Everyone"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
"publisherInfo": {
"binaryName": "*",
"productName": "MICROSOFT® COREXT",
"publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
"version": "0.0.0.0"
},
"type": "ProductSignature",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "NT AUTHORITY\\SYSTEM"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "%PROGRAMFILES%\\RAPID7\\INSIGHT AGENT\\COMPONENTS\\INSIGHT_AGENT\\2.6.7.9\\GET_PROXY.EXE",
"publisherInfo": {
"binaryName": "*",
"productName": "*",
"publisherName": "O=RAPID7 LLC, L=BOSTON, S=MASSACHUSETTS, C=US",
"version": "0.0.0.0"
},
"type": "PublisherSignature",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "NT AUTHORITY\\SYSTEM"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "%PROGRAMFILES%\\GOOGLE\\CHROME\\APPLICATION\\CHROME.EXE",
"publisherInfo": {
"binaryName": "*",
"productName": "GOOGLE CHROME",
"publisherName": "O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CA, C=US",
"version": "0.0.0.0"
},
"type": "ProductSignature",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "NT AUTHORITY\\SYSTEM"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US\\GOOGLE UPDATE\\*\\0.0.0.0",
"publisherInfo": {
"binaryName": "*",
"productName": "GOOGLE UPDATE",
"publisherName": "O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US",
"version": "0.0.0.0"
},
"type": "ProductSignature",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "NT AUTHORITY\\SYSTEM"
}
]
}
],
"protectionMode": {
"exe": "Audit",
"msi": "None",
"script": "None"
},
"recommendationStatus": "Recommended",
"sourceSystem": "Azure_AppLocker",
"vmRecommendations": [
{
"configurationStatus": "Configured",
"recommendationAction": "Recommended",
"resourceId": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourcegroups/talk-va/providers/microsoft.compute/virtualmachines/tal-win-vm"
},
{
"configurationStatus": "Configured",
"recommendationAction": "Recommended",
"resourceId": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourcegroups/talk-va/providers/microsoft.compute/virtualmachines/tal-win-vm-jit"
},
{
"configurationStatus": "Configured",
"recommendationAction": "Recommended",
"resourceId": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourcegroups/myresourcegroup/providers/microsoft.compute/virtualmachines/myvmweb"
},
{
"configurationStatus": "Configured",
"recommendationAction": "Recommended",
"resourceId": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourcegroups/v-arrikl-scheduledapps/providers/microsoft.compute/virtualmachines/v-arrikl-14061"
}
]
},
"type": "Microsoft.Security/applicationWhitelistings"
},
{
"id": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/providers/Microsoft.Security/locations/westeurope/applicationWhitelistings/GROUP1",
"location": "westeurope",
"name": "GROUP1",
"properties": {
"configurationStatus": "Configured",
"enforcementMode": "Audit",
"issues": [
{
"issue": "ExecutableViolationsAudited",
"numberOfVms": 1
}
],
"pathRecommendations": [
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/sbin/init",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/sbin/upstart-udev-bridge",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/lib/systemd/systemd-udevd",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/sbin/upstart-socket-bridge",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/sbin/dhclient",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/bin/python3.4",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/sbin/upstart-file-bridge",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/bin/dbus-daemon",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "messagebus"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/lib/systemd/systemd-logind",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/sbin/getty",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/sbin/atd",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/sbin/cron",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/sbin/acpid",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/sbin/sshd",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/lib/linux-lts-xenial-tools-4.4.0-103/hv_vss_daemon",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/lib/linux-lts-xenial-tools-4.4.0-103/hv_kvp_daemon",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/sbin/nscd",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "unscd"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/sbin/ntpd",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "ntp"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/opt/microsoft/auoms/bin/auomscollect",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/opt/omi/bin/omiserver",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/opt/omi/bin/omiengine",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "omi"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/opt/omi/bin/omiagent",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/sbin/rsyslogd",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "syslog"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/bin/python2.7",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
},
{
"recommendationAction": "Recommended",
"username": "omsagent"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/opt/microsoft/omsagent/ruby/bin/ruby",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "omsagent"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/opt/microsoft/auoms/bin/auoms",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/local/qualys/cloud-agent/bin/qualys-cloud-agent",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/bin/dash",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "omsagent"
},
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/bin/sleep",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "omsagent"
}
]
},
{
"action": "Recommended",
"common": false,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/opt/dsc/bin/dsc_host",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "omsagent"
}
]
},
{
"action": "Recommended",
"common": false,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/bin/sudo",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": false,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/bin/bash",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": false,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/bin/apt-get",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": false,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/lib/apt/methods/http",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": false,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/lib/apt/methods/gpgv",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": false,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/lib/apt/methods/copy",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "root"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/usr/bin/pgrep",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "omsagent"
}
]
},
{
"action": "Recommended",
"common": false,
"configurationStatus": "Configured",
"fileType": "Executable",
"path": "/opt/microsoft/omsconfig/bin/omsconsistencyinvoker",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "omsagent"
}
]
}
],
"protectionMode": {
"executable": "Audit"
},
"recommendationStatus": "Recommended",
"sourceSystem": "Azure_AuditD",
"vmRecommendations": [
{
"configurationStatus": "Configured",
"recommendationAction": "Recommended",
"resourceId": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourcegroups/nic-no-pip/providers/microsoft.compute/virtualmachines/nic-no-pip-vm"
}
]
},
"type": "Microsoft.Security/applicationWhitelistings"
}
]
}
}
}
}
}
}
},
"/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/applicationWhitelistings/{groupName}": {
"get": {
"description": "Gets an application control VM/server group.",
"operationId": "AdaptiveApplicationControls_Get",
"parameters": [
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"description": "The location where ASC stores the data of the subscription. It can be retrieved from Get locations.",
"in": "path",
"name": "ascLocation",
"required": true,
"type": "string",
"x-ms-parameter-location": "client"
},
{
"$ref": "#/parameters/GroupName"
},
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/AppWhitelistingGroup"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"applicationWhitelistings"
],
"x-ms-examples": {
"Gets a configured application control VM/server group": {
"parameters": {
"api-version": "2015-06-01-preview",
"ascLocation": "centralus",
"groupName": "ERELGROUP1",
"subscriptionId": "3eeab341-f466-499c-a8be-85427e154baf"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1",
"location": "centralus",
"name": "ERELGROUP1",
"properties": {
"configurationStatus": "Configured",
"enforcementMode": "Audit",
"issues": [],
"pathRecommendations": [
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
"publisherInfo": {
"binaryName": "*",
"productName": "*",
"publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
"version": "0.0.0.0"
},
"type": "PublisherSignature",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "Everyone"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
"publisherInfo": {
"binaryName": "*",
"productName": "MICROSOFT® COREXT",
"publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
"version": "0.0.0.0"
},
"type": "ProductSignature",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "NT AUTHORITY\\SYSTEM"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
"publisherInfo": {
"binaryName": "*",
"productName": "*",
"publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
"version": "0.0.0.0"
},
"type": "PublisherSignature",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "NT AUTHORITY\\SYSTEM"
}
]
},
{
"action": "Add",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "C:\\directory\\file.exe",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "Everyone"
}
]
}
],
"protectionMode": {
"exe": "Audit",
"msi": "Audit",
"script": "None"
},
"recommendationStatus": "Recommended",
"sourceSystem": "Azure_AppLocker",
"vmRecommendations": [
{
"configurationStatus": "Configured",
"recommendationAction": "Recommended",
"resourceId": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"
},
{
"configurationStatus": "Configured",
"recommendationAction": "Recommended",
"resourceId": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19"
}
]
},
"type": "Microsoft.Security/applicationWhitelistings"
}
}
}
}
}
},
"put": {
"description": "Update an application control VM/server group",
"operationId": "AdaptiveApplicationControls_Put",
"parameters": [
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"description": "The location where ASC stores the data of the subscription. It can be retrieved from Get locations.",
"in": "path",
"name": "ascLocation",
"required": true,
"type": "string",
"x-ms-parameter-location": "client"
},
{
"$ref": "#/parameters/GroupName"
},
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"$ref": "#/parameters/AppWhitelistingGroupDataPutDataBody"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/AppWhitelistingGroup"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"applicationWhitelistings"
],
"x-ms-examples": {
"Update an application control VM/server group by adding a new file": {
"parameters": {
"api-version": "2015-06-01-preview",
"ascLocation": "centralus",
"body": {
"id": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1",
"name": "ERELGROUP1",
"properties": {
"enforcementMode": "Audit",
"pathRecommendations": [
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
"publisherInfo": {
"binaryName": "*",
"productName": "*",
"publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
"version": "0.0.0.0"
},
"type": "PublisherSignature",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "Everyone"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
"publisherInfo": {
"binaryName": "*",
"productName": "MICROSOFT® COREXT",
"publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
"version": "0.0.0.0"
},
"type": "ProductSignature",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "NT AUTHORITY\\SYSTEM"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
"publisherInfo": {
"binaryName": "*",
"productName": "*",
"publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
"version": "0.0.0.0"
},
"type": "PublisherSignature",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "NT AUTHORITY\\SYSTEM"
}
]
},
{
"action": "Add",
"common": true,
"path": "C:\\directory\\file.exe",
"type": "File"
}
],
"protectionMode": {
"exe": "Audit",
"msi": "None",
"script": "None"
},
"vmRecommendations": [
{
"configurationStatus": "Configured",
"recommendationAction": "Recommended",
"resourceId": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"
},
{
"configurationStatus": "Configured",
"recommendationAction": "Recommended",
"resourceId": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19"
}
]
},
"type": "Microsoft.Security/applicationWhitelistings"
},
"groupName": "ERELGROUP1",
"subscriptionId": "3eeab341-f466-499c-a8be-85427e154baf"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1",
"location": "centralus",
"name": "ERELGROUP1",
"properties": {
"configurationStatus": "InProgress",
"enforcementMode": "Audit",
"issues": [],
"pathRecommendations": [
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
"publisherInfo": {
"binaryName": "*",
"productName": "*",
"publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
"version": "0.0.0.0"
},
"type": "PublisherSignature",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "Everyone"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
"publisherInfo": {
"binaryName": "*",
"productName": "MICROSOFT® COREXT",
"publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
"version": "0.0.0.0"
},
"type": "ProductSignature",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "NT AUTHORITY\\SYSTEM"
}
]
},
{
"action": "Recommended",
"common": true,
"configurationStatus": "Configured",
"fileType": "Exe",
"path": "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
"publisherInfo": {
"binaryName": "*",
"productName": "*",
"publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
"version": "0.0.0.0"
},
"type": "PublisherSignature",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "NT AUTHORITY\\SYSTEM"
}
]
},
{
"action": "Add",
"common": true,
"configurationStatus": "NotConfigured",
"fileType": "Exe",
"path": "C:\\directory\\file.exe",
"type": "File",
"userSids": [
"S-1-1-0"
],
"usernames": [
{
"recommendationAction": "Recommended",
"username": "Everyone"
}
]
}
],
"protectionMode": {
"exe": "Audit",
"msi": "None",
"script": "None"
},
"recommendationStatus": "Recommended",
"sourceSystem": "Azure_AppLocker",
"vmRecommendations": [
{
"recommendationAction": "Recommended",
"resourceId": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"
},
{
"recommendationAction": "Recommended",
"resourceId": "/subscriptions/3eeab341-f466-499c-a8be-85427e154baf/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19"
}
]
},
"type": "Microsoft.Security/applicationWhitelistings"
}
}
}
}
}
}
}
},
"definitions": {
"AppWhitelistingGroup": {
"allOf": [
{
"description": "Describes an Azure resource.",
"properties": {
"id": {
"description": "Resource Id",
"readOnly": true,
"type": "string"
},
"name": {
"description": "Resource name",
"readOnly": true,
"type": "string"
},
"type": {
"description": "Resource type",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-azure-resource": true
},
{
"description": "Describes an Azure resource with location",
"properties": {
"location": {
"description": "Location where the resource is stored",
"readOnly": true,
"type": "string"
}
},
"type": "object"
}
],
"properties": {
"properties": {
"$ref": "#/definitions/AppWhitelistingGroupData",
"x-ms-client-flatten": true
}
},
"required": [
"properties"
],
"type": "object"
},
"AppWhitelistingGroupData": {
"description": "Represents a VM/server group and the set of rules that are recommended by Azure Security Center to be allowed",
"properties": {
"configurationStatus": {
"$ref": "#/definitions/ConfigurationStatus"
},
"enforcementMode": {
"$ref": "#/definitions/EnforcementMode"
},
"issues": {
"$ref": "#/definitions/AppWhitelistingIssuesSummaries"
},
"pathRecommendations": {
"$ref": "#/definitions/PathRecommendations"
},
"protectionMode": {
"$ref": "#/definitions/ProtectionMode"
},
"recommendationStatus": {
"$ref": "#/definitions/RecommendationStatus"
},
"sourceSystem": {
"$ref": "#/definitions/SourceSystem"
},
"vmRecommendations": {
"$ref": "#/definitions/VmRecommendations"
}
},
"type": "object"
},
"AppWhitelistingGroups": {
"description": "Represents a list of VM/server groups and the sets of rules that are recommended by Azure Security Center to be allowed",
"properties": {
"value": {
"items": {
"$ref": "#/definitions/AppWhitelistingGroup"
},
"type": "array"
}
},
"type": "object"
},
"AppWhitelistingIssue": {
"description": "An alert that VMs/servers within a group can have",
"enum": [
"ViolationsAudited",
"ViolationsBlocked",
"MsiAndScriptViolationsAudited",
"MsiAndScriptViolationsBlocked",
"ExecutableViolationsAudited",
"RulesViolatedManually"
],
"type": "string"
},
"AppWhitelistingIssueSummary": {
"description": "Represents a summary of the alerts of the VM/server group",
"properties": {
"issue": {
"$ref": "#/definitions/AppWhitelistingIssue"
},
"numberOfVms": {
"description": "The number of machines in the VM/server group that have this alert",
"type": "number"
}
},
"type": "object"
},
"AppWhitelistingIssuesSummaries": {
"items": {
"$ref": "#/definitions/AppWhitelistingIssueSummary"
},
"type": "array"
},
"AppWhitelistingPutGroupData": {
"description": "The altered data of the recommended VM/server group policy",
"properties": {
"enforcementMode": {
"$ref": "#/definitions/EnforcementMode",
"description": "The enforcement mode of the group. Can also be defined per collection type by using ProtectionMode"
},
"pathRecommendations": {
"$ref": "#/definitions/PathRecommendations"
},
"protectionMode": {
"$ref": "#/definitions/ProtectionMode",
"description": "The protection mode of the group per collection type. Can also be defined for all collection types by using EnforcementMode"
},
"vmRecommendations": {
"$ref": "#/definitions/VmRecommendations"
}
},
"type": "object"
},
"AppWhitelistingResourceType": {
"description": "The resource type of the application control resources",
"example": "Microsoft.Security/applicationWhitelistings",
"type": "string"
},
"ConfigurationStatus": {
"description": "The configuration status of the VM/server group, of a machine, or of a rule on the machine",
"enum": [
"Configured",
"NotConfigured",
"InProgress",
"Failed",
"NoStatus"
],
"type": "string"
},
"EnforcementMode": {
"description": "The application control policy enforcement/protection mode of the VM/server group",
"enum": [
"Audit",
"Enforce",
"None"
],
"type": "string"
},
"FileType": {
"description": "The type of the file (for Linux files - Executable is used)",
"enum": [
"Exe",
"Dll",
"Msi",
"Script",
"Executable",
"Unknown"
],
"type": "string"
},
"GroupResourceId": {
"description": "The Azure resource ID of the application control VM/server group",
"example": "/subscriptions/12345678-1234-1234-1234-123456789123/providers/Microsoft.Security/applicationWhitelistings/GROUP1",
"type": "string"
},
"PathRecommendation": {
"description": "Represents a path that is recommended to be allowed and its properties",
"properties": {
"action": {
"$ref": "#/definitions/RecommendationAction"
},
"common": {
"description": "Whether the path is commonly run on the machine",
"type": "boolean"
},
"configurationStatus": {
"$ref": "#/definitions/ConfigurationStatus"
},
"fileType": {
"$ref": "#/definitions/FileType"
},
"path": {
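"description": "The full path to whitelist. A rule of type File identifies the file by this location only, so the rule is only as strong as the write permissions on that path.",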
"example": "C:\\Windows\\System32\\calc.exe",
"type": "string"
},
"publisherInfo": {
"$ref": "#/definitions/PublisherInfo"
},
"type": {
"$ref": "#/definitions/RecommendationType"
},
"userSids": {
"items": {
"description": "A security identifier",
"example": "S-1-5-18",
"type": "string"
},
"type": "array"
},
"usernames": {
"items": {
"$ref": "#/definitions/UserRecommendation"
},
"type": "array"
}
},
"type": "object"
},
"PathRecommendations": {
"items": {
"$ref": "#/definitions/PathRecommendation"
},
"type": "array"
},
"ProtectionMode": {
"description": "The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux.",
"properties": {
"exe": {
"$ref": "#/definitions/EnforcementMode"
},
"executable": {
"$ref": "#/definitions/EnforcementMode"
},
"msi": {
"$ref": "#/definitions/EnforcementMode"
},
"script": {
"$ref": "#/definitions/EnforcementMode"
}
},
"type": "object"
},
"PublisherInfo": {
"description": "Represents the publisher information of a process/rule",
"properties": {
"binaryName": {
"description": "The \"OriginalName\" field taken from the file's version resource",
"example": "CHROME.EXE",
"type": "string"
},
"productName": {
"description": "The product name taken from the file's version resource",
"example": "GOOGLE CHROME",
"type": "string"
},
"publisherName": {
"description": "The Subject field of the X.509 certificate used to sign the code, using the following fields - O = Organization, L = Locality, S = State or Province, and C = Country",
"example": "O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US",
"type": "string"
},
"version": {
"description": "The binary file version taken from the file's version resource",
"example": "66.0.3359.139",
"type": "string"
}
},
"type": "object"
},
"RecommendationAction": {
"description": "The recommendation action of the VM/server or rule",
"enum": [
"Recommended",
"Add",
"Remove"
],
"type": "string"
},
"RecommendationStatus": {
"description": "The recommendation status of the VM/server group or VM/server",
"enum": [
"Recommended",
"NotRecommended",
"NotAvailable",
"NoStatus"
],
"type": "string"
},
"RecommendationType": {
"description": "The type of the rule to be allowed",
"enum": [
"File",
"FileHash",
"PublisherSignature",
"ProductSignature",
"BinarySignature",
"VersionAndAboveSignature"
],
"type": "string"
},
"SourceSystem": {
"description": "The source type of the VM/server group",
"enum": [
"Azure_AppLocker",
"Azure_AuditD",
"NonAzure_AppLocker",
"NonAzure_AuditD",
"None"
],
"type": "string"
},
"UserRecommendation": {
"description": "Represents a user that is recommended to be allowed for a certain rule",
"properties": {
"recommendationAction": {
"$ref": "#/definitions/RecommendationAction"
},
"username": {
"description": "The name of a user that is recommended to be allowed for a certain rule",
"example": "LOCAL SYSTEM",
"type": "string"
}
},
"type": "object"
},
"VmRecommendation": {
"description": "Represents a machine that is part of a VM/server group",
"properties": {
"configurationStatus": {
"$ref": "#/definitions/ConfigurationStatus"
},
"recommendationAction": {
"$ref": "#/definitions/RecommendationAction"
},
"resourceId": {
"$ref": "#/definitions/VmResourceId"
}
},
"type": "object"
},
"VmRecommendations": {
"items": {
"$ref": "#/definitions/VmRecommendation"
},
"type": "array"
},
"VmResourceId": {
"description": "The full Azure resource ID of the machine",
"example": "/subscriptions/12345678-1234-1234-1234-123456789123/resourcegroups/group/providers/microsoft.compute/virtualmachines/vm",
"type": "string"
}
}
}