Security Center
API spec for Microsoft.Security (Azure Security Center) resource provider
{
"swagger": "2.0",
"schemes": [
"https"
],
"host": "management.azure.com",
"info": {
"description": "API spec for Microsoft.Security (Azure Security Center) resource provider",
"title": "Security Center",
"version": "2019-08-01",
"x-apisguru-categories": [
"cloud"
],
"x-logo": {
"url": "https://api.apis.guru/v2/cache/logo/https_assets.onestore.ms_cdnfiles_onestorerolling-1606-01000_shell_v3_images_logo_microsoft.png"
},
"x-origin": [
{
"format": "swagger",
"url": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/iotSecuritySolutions.json",
"version": "2.0"
}
],
"x-preferred": true,
"x-providerName": "azure.com",
"x-serviceName": "security-iotSecuritySolutions",
"x-tags": [
"Azure",
"Microsoft"
]
},
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"securityDefinitions": {
"azure_auth": {
"authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
"description": "Azure Active Directory OAuth2 Flow",
"flow": "implicit",
"scopes": {
"user_impersonation": "impersonate your user account"
},
"type": "oauth2"
}
},
"security": [
{
"azure_auth": [
"user_impersonation"
]
}
],
"parameters": {
"FilterParam": {
"description": "Filter the IoT Security solution with OData syntax. Supports filtering by iotHubs.",
"in": "query",
"name": "$filter",
"required": false,
"type": "string",
"x-ms-parameter-location": "method"
},
"IotSecuritySolutionData": {
"description": "The security solution data",
"in": "body",
"name": "iotSecuritySolutionData",
"required": true,
"schema": {
"$ref": "#/definitions/IoTSecuritySolutionModel"
},
"x-ms-parameter-location": "method"
},
"SolutionName": {
"description": "The name of the IoT Security solution.",
"in": "path",
"name": "solutionName",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
"UpdateIotSecuritySolution": {
"description": "The security solution data",
"in": "body",
"name": "updateIotSecuritySolutionData",
"required": true,
"schema": {
"$ref": "#/definitions/UpdateIotSecuritySolutionData"
},
"x-ms-parameter-location": "method"
}
},
"paths": {
"/subscriptions/{subscriptionId}/providers/Microsoft.Security/iotSecuritySolutions": {
"get": {
"description": "Use this method to get the list of IoT Security solutions by subscription.",
"operationId": "IotSecuritySolution_ListBySubscription",
"parameters": [
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"$ref": "#/parameters/FilterParam"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/IoTSecuritySolutionsList"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"IoT Security Solution"
],
"x-ms-examples": {
"List IoT Security solutions by IoT Hub": {
"parameters": {
"$filter": "properties.iotHubs/any(i eq \"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub\")",
"api-version": "2019-08-01",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
"location": "East Us",
"name": "default",
"properties": {
"autoDiscoveredResources": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735",
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"disabledDataSources": [],
"displayName": "Solution Default",
"export": [
"RawEvents"
],
"iotHubs": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"recommendationsConfiguration": [
{
"name": "Service Principal Not Used with ACR",
"recommendationType": "IoT_ACRAuthentication",
"status": "Enabled"
},
{
"name": "Agent sending underutilized messages",
"recommendationType": "IoT_AgentSendsUnutilizedMessages",
"status": "TurnedOn"
},
{
"name": "Operating system (OS) baseline validation failure",
"recommendationType": "IoT_Baseline",
"status": "Enabled"
},
{
"name": "Edge Hub memory can be optimized",
"recommendationType": "IoT_EdgeHubMemOptimize",
"status": "Enabled"
},
{
"name": "No Logging Configured for Edge Module",
"recommendationType": "IoT_EdgeLoggingOptions",
"status": "Enabled"
},
{
"name": "Module Settings Inconsistent in SecurityGroup",
"recommendationType": "IoT_InconsistentModuleSettings",
"status": "Enabled"
},
{
"name": "Install the Azure Security of Things Agent",
"recommendationType": "IoT_InstallAgent",
"status": "Enabled"
},
{
"name": "Default IP Filter Policy should be Deny",
"recommendationType": "IoT_IPFilter_DenyAll",
"status": "Enabled"
},
{
"name": "IP Filter rule includes large IP range",
"recommendationType": "IoT_IPFilter_PermissiveRule",
"status": "Enabled"
},
{
"name": "Open Ports On Device",
"recommendationType": "IoT_OpenPorts",
"status": "Disabled"
},
{
"name": "Permissive firewall policy in one of the chains was found",
"recommendationType": "IoT_PermissiveFirewallPolicy",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the input chain was found",
"recommendationType": "IoT_PermissiveInputFirewallRules",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the output chain was found",
"recommendationType": "IoT_PermissiveOutputFirewallRules",
"status": "Enabled"
},
{
"name": "High level permissions configured in Edge model twin for Edge module",
"recommendationType": "IoT_PrivilegedDockerOptions",
"status": "Enabled"
},
{
"name": "Same Authentication Credentials used by multiple devices",
"recommendationType": "IoT_SharedCredentials",
"status": "Disabled"
},
{
"name": "TLS cipher suite upgrade",
"recommendationType": "IoT_VulnerableTLSCipherSuite",
"status": "Enabled"
}
],
"status": "Enabled",
"unmaskedIpLoggingStatus": "Enabled",
"userDefinedResources": {
"query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
"querySubscriptions": [
"075423e9-7d33-4166-8bdf-3920b04e3735"
]
},
"workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1"
},
"tags": {},
"type": "Microsoft.Security/IoTSecuritySolutions"
}
]
}
}
}
},
"List IoT Security solutions by subscription": {
"parameters": {
"api-version": "2019-08-01",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
"location": "East Us",
"name": "default",
"properties": {
"autoDiscoveredResources": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735",
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"disabledDataSources": [],
"displayName": "Solution Default",
"export": [],
"iotHubs": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"recommendationsConfiguration": [
{
"name": "Service Principal Not Used with ACR",
"recommendationType": "IoT_ACRAuthentication",
"status": "Enabled"
},
{
"name": "Agent sending underutilized messages",
"recommendationType": "IoT_AgentSendsUnutilizedMessages",
"status": "TurnedOn"
},
{
"name": "Operating system (OS) baseline validation failure",
"recommendationType": "IoT_Baseline",
"status": "Enabled"
},
{
"name": "Edge Hub memory can be optimized",
"recommendationType": "IoT_EdgeHubMemOptimize",
"status": "Enabled"
},
{
"name": "No Logging Configured for Edge Module",
"recommendationType": "IoT_EdgeLoggingOptions",
"status": "Enabled"
},
{
"name": "Module Settings Inconsistent in SecurityGroup",
"recommendationType": "IoT_InconsistentModuleSettings",
"status": "Enabled"
},
{
"name": "Install the Azure Security of Things Agent",
"recommendationType": "IoT_InstallAgent",
"status": "Enabled"
},
{
"name": "Default IP Filter Policy should be Deny",
"recommendationType": "IoT_IPFilter_DenyAll",
"status": "Enabled"
},
{
"name": "IP Filter rule includes large IP range",
"recommendationType": "IoT_IPFilter_PermissiveRule",
"status": "Enabled"
},
{
"name": "Open Ports On Device",
"recommendationType": "IoT_OpenPorts",
"status": "Disabled"
},
{
"name": "Permissive firewall policy in one of the chains was found",
"recommendationType": "IoT_PermissiveFirewallPolicy",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the input chain was found",
"recommendationType": "IoT_PermissiveInputFirewallRules",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the output chain was found",
"recommendationType": "IoT_PermissiveOutputFirewallRules",
"status": "Enabled"
},
{
"name": "High level permissions configured in Edge model twin for Edge module",
"recommendationType": "IoT_PrivilegedDockerOptions",
"status": "Enabled"
},
{
"name": "Same Authentication Credentials used by multiple devices",
"recommendationType": "IoT_SharedCredentials",
"status": "Disabled"
},
{
"name": "TLS cipher suite upgrade",
"recommendationType": "IoT_VulnerableTLSCipherSuite",
"status": "Enabled"
}
],
"status": "Enabled",
"unmaskedIpLoggingStatus": "Enabled",
"userDefinedResources": {
"query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
"querySubscriptions": [
"075423e9-7d33-4166-8bdf-3920b04e3735"
]
},
"workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1"
},
"tags": {},
"type": "Microsoft.Security/IoTSecuritySolutions"
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/SecondGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/sec-solution",
"location": "East Us",
"name": "sec-solution",
"properties": {
"autoDiscoveredResources": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735",
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/IotHubSecond"
],
"disabledDataSources": [],
"displayName": "Second Solution",
"export": [
"RawEvents"
],
"iotHubs": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/IotHubSecond"
],
"recommendationsConfiguration": [
{
"name": "Service Principal Not Used with ACR",
"recommendationType": "IoT_ACRAuthentication",
"status": "Enabled"
},
{
"name": "Agent sending underutilized messages",
"recommendationType": "IoT_AgentSendsUnutilizedMessages",
"status": "TurnedOn"
},
{
"name": "Operating system (OS) baseline validation failure",
"recommendationType": "IoT_Baseline",
"status": "Enabled"
},
{
"name": "Edge Hub memory can be optimized",
"recommendationType": "IoT_EdgeHubMemOptimize",
"status": "Enabled"
},
{
"name": "No Logging Configured for Edge Module",
"recommendationType": "IoT_EdgeLoggingOptions",
"status": "Enabled"
},
{
"name": "Module Settings Inconsistent in SecurityGroup",
"recommendationType": "IoT_InconsistentModuleSettings",
"status": "Enabled"
},
{
"name": "Install the Azure Security of Things Agent",
"recommendationType": "IoT_InstallAgent",
"status": "Enabled"
},
{
"name": "Default IP Filter Policy should be Deny",
"recommendationType": "IoT_IPFilter_DenyAll",
"status": "Enabled"
},
{
"name": "IP Filter rule includes large IP range",
"recommendationType": "IoT_IPFilter_PermissiveRule",
"status": "Enabled"
},
{
"name": "Open Ports On Device",
"recommendationType": "IoT_OpenPorts",
"status": "Disabled"
},
{
"name": "Permissive firewall policy in one of the chains was found",
"recommendationType": "IoT_PermissiveFirewallPolicy",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the input chain was found",
"recommendationType": "IoT_PermissiveInputFirewallRules",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the output chain was found",
"recommendationType": "IoT_PermissiveOutputFirewallRules",
"status": "Enabled"
},
{
"name": "High level permissions configured in Edge model twin for Edge module",
"recommendationType": "IoT_PrivilegedDockerOptions",
"status": "Enabled"
},
{
"name": "Same Authentication Credentials used by multiple devices",
"recommendationType": "IoT_SharedCredentials",
"status": "Disabled"
},
{
"name": "TLS cipher suite upgrade",
"recommendationType": "IoT_VulnerableTLSCipherSuite",
"status": "Enabled"
}
],
"status": "Enabled",
"unmaskedIpLoggingStatus": "Enabled",
"userDefinedResources": {
"query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
"querySubscriptions": [
"075423e9-7d33-4166-8bdf-3920b04e3735"
]
},
"workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1"
},
"tags": {},
"type": "Microsoft.Security/IoTSecuritySolutions"
}
]
}
}
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
}
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions": {
"get": {
"description": "Use this method to get the list of IoT Security solutions organized by resource group.",
"operationId": "IotSecuritySolution_ListByResourceGroup",
"parameters": [
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"description": "The name of the resource group within the user's subscription. The name is case insensitive.",
"in": "path",
"maxLength": 90,
"minLength": 1,
"name": "resourceGroupName",
"pattern": "^[-\\w\\._\\(\\)]+$",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
{
"$ref": "#/parameters/FilterParam"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/IoTSecuritySolutionsList"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"IoT Security Solution"
],
"x-ms-examples": {
"List IoT Security solutions by resource group": {
"parameters": {
"api-version": "2019-08-01",
"resourceGroupName": "MyGroup",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
"location": "East Us",
"name": "default",
"properties": {
"autoDiscoveredResources": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735",
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"disabledDataSources": [],
"displayName": "Solution Default",
"export": [],
"iotHubs": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"recommendationsConfiguration": [
{
"name": "Service Principal Not Used with ACR",
"recommendationType": "IoT_ACRAuthentication",
"status": "Enabled"
},
{
"name": "Agent sending underutilized messages",
"recommendationType": "IoT_AgentSendsUnutilizedMessages",
"status": "TurnedOn"
},
{
"name": "Operating system (OS) baseline validation failure",
"recommendationType": "IoT_Baseline",
"status": "Enabled"
},
{
"name": "Edge Hub memory can be optimized",
"recommendationType": "IoT_EdgeHubMemOptimize",
"status": "Enabled"
},
{
"name": "No Logging Configured for Edge Module",
"recommendationType": "IoT_EdgeLoggingOptions",
"status": "Enabled"
},
{
"name": "Module Settings Inconsistent in SecurityGroup",
"recommendationType": "IoT_InconsistentModuleSettings",
"status": "Enabled"
},
{
"name": "Install the Azure Security of Things Agent",
"recommendationType": "IoT_InstallAgent",
"status": "Enabled"
},
{
"name": "Default IP Filter Policy should be Deny",
"recommendationType": "IoT_IPFilter_DenyAll",
"status": "Enabled"
},
{
"name": "IP Filter rule includes large IP range",
"recommendationType": "IoT_IPFilter_PermissiveRule",
"status": "Enabled"
},
{
"name": "Open Ports On Device",
"recommendationType": "IoT_OpenPorts",
"status": "Disabled"
},
{
"name": "Permissive firewall policy in one of the chains was found",
"recommendationType": "IoT_PermissiveFirewallPolicy",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the input chain was found",
"recommendationType": "IoT_PermissiveInputFirewallRules",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the output chain was found",
"recommendationType": "IoT_PermissiveOutputFirewallRules",
"status": "Enabled"
},
{
"name": "High level permissions configured in Edge model twin for Edge module",
"recommendationType": "IoT_PrivilegedDockerOptions",
"status": "Enabled"
},
{
"name": "Same Authentication Credentials used by multiple devices",
"recommendationType": "IoT_SharedCredentials",
"status": "Disabled"
},
{
"name": "TLS cipher suite upgrade",
"recommendationType": "IoT_VulnerableTLSCipherSuite",
"status": "Enabled"
}
],
"status": "Enabled",
"unmaskedIpLoggingStatus": "Enabled",
"userDefinedResources": {
"query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
"querySubscriptions": [
"075423e9-7d33-4166-8bdf-3920b04e3735"
]
},
"workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1"
},
"tags": {},
"type": "Microsoft.Security/IoTSecuritySolutions"
}
]
}
}
}
},
"List IoT Security solutions by resource group and IoT Hub": {
"parameters": {
"$filter": "properties.iotHubs/any(i eq \"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub\")",
"api-version": "2019-08-01",
"resourceGroupName": "MyRg",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyRg/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
"location": "East Us",
"name": "default",
"properties": {
"autoDiscoveredResources": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735",
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"disabledDataSources": [],
"displayName": "Solution Default",
"export": [
"RawEvents"
],
"iotHubs": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"recommendationsConfiguration": [
{
"name": "Service Principal Not Used with ACR",
"recommendationType": "IoT_ACRAuthentication",
"status": "Enabled"
},
{
"name": "Agent sending underutilized messages",
"recommendationType": "IoT_AgentSendsUnutilizedMessages",
"status": "TurnedOn"
},
{
"name": "Operating system (OS) baseline validation failure",
"recommendationType": "IoT_Baseline",
"status": "Enabled"
},
{
"name": "Edge Hub memory can be optimized",
"recommendationType": "IoT_EdgeHubMemOptimize",
"status": "Enabled"
},
{
"name": "No Logging Configured for Edge Module",
"recommendationType": "IoT_EdgeLoggingOptions",
"status": "Enabled"
},
{
"name": "Module Settings Inconsistent in SecurityGroup",
"recommendationType": "IoT_InconsistentModuleSettings",
"status": "Enabled"
},
{
"name": "Install the Azure Security of Things Agent",
"recommendationType": "IoT_InstallAgent",
"status": "Enabled"
},
{
"name": "Default IP Filter Policy should be Deny",
"recommendationType": "IoT_IPFilter_DenyAll",
"status": "Enabled"
},
{
"name": "IP Filter rule includes large IP range",
"recommendationType": "IoT_IPFilter_PermissiveRule",
"status": "Enabled"
},
{
"name": "Open Ports On Device",
"recommendationType": "IoT_OpenPorts",
"status": "Disabled"
},
{
"name": "Permissive firewall policy in one of the chains was found",
"recommendationType": "IoT_PermissiveFirewallPolicy",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the input chain was found",
"recommendationType": "IoT_PermissiveInputFirewallRules",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the output chain was found",
"recommendationType": "IoT_PermissiveOutputFirewallRules",
"status": "Enabled"
},
{
"name": "High level permissions configured in Edge model twin for Edge module",
"recommendationType": "IoT_PrivilegedDockerOptions",
"status": "Enabled"
},
{
"name": "Same Authentication Credentials used by multiple devices",
"recommendationType": "IoT_SharedCredentials",
"status": "Disabled"
},
{
"name": "TLS cipher suite upgrade",
"recommendationType": "IoT_VulnerableTLSCipherSuite",
"status": "Enabled"
}
],
"status": "Enabled",
"unmaskedIpLoggingStatus": "Enabled",
"userDefinedResources": {
"query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
"querySubscriptions": [
"075423e9-7d33-4166-8bdf-3920b04e3735"
]
},
"workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1"
},
"tags": {},
"type": "Microsoft.Security/IoTSecuritySolutions"
}
]
}
}
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
}
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}": {
"delete": {
"description": "Use this method to delete your IoT Security solution",
"operationId": "IotSecuritySolution_Delete",
"parameters": [
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"description": "The name of the resource group within the user's subscription. The name is case insensitive.",
"in": "path",
"maxLength": 90,
"minLength": 1,
"name": "resourceGroupName",
"pattern": "^[-\\w\\._\\(\\)]+$",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
{
"$ref": "#/parameters/SolutionName"
}
],
"responses": {
"200": {
"description": "Security Solution deleted."
},
"204": {
"description": "Security Solution does not exist."
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"IoT Security Solution"
],
"x-ms-examples": {
"Delete an IoT security solution": {
"parameters": {
"api-version": "2019-08-01",
"resourceGroupName": "MyGroup",
"solutionName": "default",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"200": {},
"204": {}
}
}
}
},
"get": {
"description": "Use this method to get details of a specific IoT Security solution based on solution name",
"operationId": "IotSecuritySolution_Get",
"parameters": [
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"description": "The name of the resource group within the user's subscription. The name is case insensitive.",
"in": "path",
"maxLength": 90,
"minLength": 1,
"name": "resourceGroupName",
"pattern": "^[-\\w\\._\\(\\)]+$",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
{
"$ref": "#/parameters/SolutionName"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/IoTSecuritySolutionModel"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"IoT Security Solution"
],
"x-ms-examples": {
"Get a IoT security solution": {
"parameters": {
"api-version": "2019-08-01",
"resourceGroupName": "MyGroup",
"solutionName": "default",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default",
"location": "East Us",
"name": "default",
"properties": {
"autoDiscoveredResources": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735",
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"disabledDataSources": [],
"displayName": "Solution Default",
"export": [],
"iotHubs": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"recommendationsConfiguration": [
{
"name": "Service Principal Not Used with ACR",
"recommendationType": "IoT_ACRAuthentication",
"status": "Enabled"
},
{
"name": "Agent sending underutilized messages",
"recommendationType": "IoT_AgentSendsUnutilizedMessages",
"status": "TurnedOn"
},
{
"name": "Operating system (OS) baseline validation failure",
"recommendationType": "IoT_Baseline",
"status": "Enabled"
},
{
"name": "Edge Hub memory can be optimized",
"recommendationType": "IoT_EdgeHubMemOptimize",
"status": "Enabled"
},
{
"name": "No Logging Configured for Edge Module",
"recommendationType": "IoT_EdgeLoggingOptions",
"status": "Enabled"
},
{
"name": "Module Settings Inconsistent in SecurityGroup",
"recommendationType": "IoT_InconsistentModuleSettings",
"status": "Enabled"
},
{
"name": "Install the Azure Security of Things Agent",
"recommendationType": "IoT_InstallAgent",
"status": "Enabled"
},
{
"name": "Default IP Filter Policy should be Deny",
"recommendationType": "IoT_IPFilter_DenyAll",
"status": "Enabled"
},
{
"name": "IP Filter rule includes large IP range",
"recommendationType": "IoT_IPFilter_PermissiveRule",
"status": "Enabled"
},
{
"name": "Open Ports On Device",
"recommendationType": "IoT_OpenPorts",
"status": "Disabled"
},
{
"name": "Permissive firewall policy in one of the chains was found",
"recommendationType": "IoT_PermissiveFirewallPolicy",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the input chain was found",
"recommendationType": "IoT_PermissiveInputFirewallRules",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the output chain was found",
"recommendationType": "IoT_PermissiveOutputFirewallRules",
"status": "Enabled"
},
{
"name": "High level permissions configured in Edge model twin for Edge module",
"recommendationType": "IoT_PrivilegedDockerOptions",
"status": "Enabled"
},
{
"name": "Same Authentication Credentials used by multiple devices",
"recommendationType": "IoT_SharedCredentials",
"status": "Disabled"
},
{
"name": "TLS cipher suite upgrade",
"recommendationType": "IoT_VulnerableTLSCipherSuite",
"status": "Enabled"
}
],
"status": "Enabled",
"unmaskedIpLoggingStatus": "Enabled",
"userDefinedResources": {
"query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
"querySubscriptions": [
"075423e9-7d33-4166-8bdf-3920b04e3735"
]
},
"workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1"
},
"tags": {},
"type": "Microsoft.Security/IoTSecuritySolutions"
}
}
}
}
}
},
"patch": {
"description": "Use this method to update existing IoT Security solution tags or user defined resources. To update other fields use the CreateOrUpdate method.",
"operationId": "IotSecuritySolution_Update",
"parameters": [
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"description": "The name of the resource group within the user's subscription. The name is case insensitive.",
"in": "path",
"maxLength": 90,
"minLength": 1,
"name": "resourceGroupName",
"pattern": "^[-\\w\\._\\(\\)]+$",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
{
"$ref": "#/parameters/SolutionName"
},
{
"$ref": "#/parameters/UpdateIotSecuritySolution"
}
],
"responses": {
"200": {
"description": "Updated",
"schema": {
"$ref": "#/definitions/IoTSecuritySolutionModel"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"IoT Security Solution"
],
"x-ms-examples": {
"Use this method to update existing IoT Security solution": {
"parameters": {
"api-version": "2019-08-01",
"resourceGroupName": "myRg",
"solutionName": "default",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
"updateIotSecuritySolutionData": {
"properties": {
"recommendationsConfiguration": [
{
"recommendationType": "IoT_OpenPorts",
"status": "Disabled"
},
{
"recommendationType": "IoT_SharedCredentials",
"status": "Disabled"
}
],
"userDefinedResources": {
"query": "where type != \"microsoft.devices/iothubs\" | where name contains \"v2\"",
"querySubscriptions": [
"075423e9-7d33-4166-8bdf-3920b04e3735"
]
}
},
"tags": {
"foo": "bar"
}
}
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/Locations/eastus/IoTSecuritySolutions/default",
"location": "East Us",
"name": "default",
"properties": {
"autoDiscoveredResources": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735",
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"disabledDataSources": [],
"displayName": "Solution Default",
"export": [
"RawEvents"
],
"iotHubs": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"recommendationsConfiguration": [
{
"name": "Service Principal Not Used with ACR",
"recommendationType": "IoT_ACRAuthentication",
"status": "Enabled"
},
{
"name": "Agent sending underutilized messages",
"recommendationType": "IoT_AgentSendsUnutilizedMessages",
"status": "TurnedOn"
},
{
"name": "Operating system (OS) baseline validation failure",
"recommendationType": "IoT_Baseline",
"status": "Enabled"
},
{
"name": "Edge Hub memory can be optimized",
"recommendationType": "IoT_EdgeHubMemOptimize",
"status": "Enabled"
},
{
"name": "No Logging Configured for Edge Module",
"recommendationType": "IoT_EdgeLoggingOptions",
"status": "Enabled"
},
{
"name": "Module Settings Inconsistent in SecurityGroup",
"recommendationType": "IoT_InconsistentModuleSettings",
"status": "Enabled"
},
{
"name": "Install the Azure Security of Things Agent",
"recommendationType": "IoT_InstallAgent",
"status": "Enabled"
},
{
"name": "Default IP Filter Policy should be Deny",
"recommendationType": "IoT_IPFilter_DenyAll",
"status": "Enabled"
},
{
"name": "IP Filter rule includes large IP range",
"recommendationType": "IoT_IPFilter_PermissiveRule",
"status": "Enabled"
},
{
"name": "Open Ports On Device",
"recommendationType": "IoT_OpenPorts",
"status": "Disabled"
},
{
"name": "Permissive firewall policy in one of the chains was found",
"recommendationType": "IoT_PermissiveFirewallPolicy",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the input chain was found",
"recommendationType": "IoT_PermissiveInputFirewallRules",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the output chain was found",
"recommendationType": "IoT_PermissiveOutputFirewallRules",
"status": "Enabled"
},
{
"name": "High level permissions configured in Edge model twin for Edge module",
"recommendationType": "IoT_PrivilegedDockerOptions",
"status": "Enabled"
},
{
"name": "Same Authentication Credentials used by multiple devices",
"recommendationType": "IoT_SharedCredentials",
"status": "Disabled"
},
{
"name": "TLS cipher suite upgrade",
"recommendationType": "IoT_VulnerableTLSCipherSuite",
"status": "Enabled"
}
],
"status": "Enabled",
"unmaskedIpLoggingStatus": "Enabled",
"userDefinedResources": {
"query": "where type != \"microsoft.devices/iothubs\" | where name contains \"v2\"",
"querySubscriptions": [
"075423e9-7d33-4166-8bdf-3920b04e3735"
]
},
"workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1"
},
"tags": {
"foo": "bar"
},
"type": "Microsoft.Security/IoTSecuritySolutions"
}
}
}
}
}
},
"put": {
"description": "Use this method to create or update yours IoT Security solution",
"operationId": "IotSecuritySolution_CreateOrUpdate",
"parameters": [
{
"description": "API version for the operation",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "Azure subscription ID",
"in": "path",
"name": "subscriptionId",
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"required": true,
"type": "string"
},
{
"description": "The name of the resource group within the user's subscription. The name is case insensitive.",
"in": "path",
"maxLength": 90,
"minLength": 1,
"name": "resourceGroupName",
"pattern": "^[-\\w\\._\\(\\)]+$",
"required": true,
"type": "string",
"x-ms-parameter-location": "method"
},
{
"$ref": "#/parameters/SolutionName"
},
{
"$ref": "#/parameters/IotSecuritySolutionData"
}
],
"responses": {
"200": {
"description": "Updated",
"schema": {
"$ref": "#/definitions/IoTSecuritySolutionModel"
}
},
"201": {
"description": "Created",
"schema": {
"$ref": "#/definitions/IoTSecuritySolutionModel"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"description": "Error response structure.",
"properties": {
"error": {
"description": "Error details.",
"properties": {
"code": {
"description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically.",
"readOnly": true,
"type": "string"
},
"message": {
"description": "A message describing the error, intended to be suitable for display in a user interface.",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-external": true
}
},
"type": "object",
"x-ms-external": true
}
}
},
"tags": [
"IoT Security Solution"
],
"x-ms-examples": {
"Create or update a IoT security solution": {
"parameters": {
"api-version": "2019-08-01",
"iotSecuritySolutionData": {
"location": "East Us",
"properties": {
"disabledDataSources": [],
"displayName": "Solution Default",
"export": [],
"iotHubs": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"recommendationsConfiguration": [
{
"recommendationType": "IoT_OpenPorts",
"status": "Disabled"
},
{
"recommendationType": "IoT_SharedCredentials",
"status": "Disabled"
}
],
"status": "Enabled",
"unmaskedIpLoggingStatus": "Enabled",
"userDefinedResources": {
"query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
"querySubscriptions": [
"075423e9-7d33-4166-8bdf-3920b04e3735"
]
},
"workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1"
},
"tags": {}
},
"resourceGroupName": "MyGroup",
"solutionName": "default",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/Locations/eastus/IoTSecuritySolutions/default",
"location": "East Us",
"name": "default",
"properties": {
"autoDiscoveredResources": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735",
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"disabledDataSources": [],
"displayName": "Solution Default",
"export": [],
"iotHubs": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"recommendationsConfiguration": [
{
"name": "Service Principal Not Used with ACR",
"recommendationType": "IoT_ACRAuthentication",
"status": "Enabled"
},
{
"name": "Agent sending underutilized messages",
"recommendationType": "IoT_AgentSendsUnutilizedMessages",
"status": "TurnedOn"
},
{
"name": "Operating system (OS) baseline validation failure",
"recommendationType": "IoT_Baseline",
"status": "Enabled"
},
{
"name": "Edge Hub memory can be optimized",
"recommendationType": "IoT_EdgeHubMemOptimize",
"status": "Enabled"
},
{
"name": "No Logging Configured for Edge Module",
"recommendationType": "IoT_EdgeLoggingOptions",
"status": "Enabled"
},
{
"name": "Module Settings Inconsistent in SecurityGroup",
"recommendationType": "IoT_InconsistentModuleSettings",
"status": "Enabled"
},
{
"name": "Install the Azure Security of Things Agent",
"recommendationType": "IoT_InstallAgent",
"status": "Enabled"
},
{
"name": "Default IP Filter Policy should be Deny",
"recommendationType": "IoT_IPFilter_DenyAll",
"status": "Enabled"
},
{
"name": "IP Filter rule includes large IP range",
"recommendationType": "IoT_IPFilter_PermissiveRule",
"status": "Enabled"
},
{
"name": "Open Ports On Device",
"recommendationType": "IoT_OpenPorts",
"status": "Disabled"
},
{
"name": "Permissive firewall policy in one of the chains was found",
"recommendationType": "IoT_PermissiveFirewallPolicy",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the input chain was found",
"recommendationType": "IoT_PermissiveInputFirewallRules",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the output chain was found",
"recommendationType": "IoT_PermissiveOutputFirewallRules",
"status": "Enabled"
},
{
"name": "High level permissions configured in Edge model twin for Edge module",
"recommendationType": "IoT_PrivilegedDockerOptions",
"status": "Enabled"
},
{
"name": "Same Authentication Credentials used by multiple devices",
"recommendationType": "IoT_SharedCredentials",
"status": "Disabled"
},
{
"name": "TLS cipher suite upgrade",
"recommendationType": "IoT_VulnerableTLSCipherSuite",
"status": "Enabled"
}
],
"status": "Enabled",
"unmaskedIpLoggingStatus": "Enabled",
"userDefinedResources": {
"query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
"querySubscriptions": [
"075423e9-7d33-4166-8bdf-3920b04e3735"
]
},
"workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1"
},
"tags": {},
"type": "Microsoft.Security/IoTSecuritySolutions"
}
},
"201": {
"body": {
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/MyGroup/providers/Microsoft.Security/Locations/eastus/IoTSecuritySolutions/default",
"location": "East Us",
"name": "default",
"properties": {
"autoDiscoveredResources": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735",
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"disabledDataSources": [],
"displayName": "Solution Default",
"export": [],
"iotHubs": [
"/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/myRg/providers/Microsoft.Devices/IotHubs/FirstIotHub"
],
"recommendationsConfiguration": [
{
"name": "Service Principal Not Used with ACR",
"recommendationType": "IoT_ACRAuthentication",
"status": "Enabled"
},
{
"name": "Agent sending underutilized messages",
"recommendationType": "IoT_AgentSendsUnutilizedMessages",
"status": "TurnedOn"
},
{
"name": "Operating system (OS) baseline validation failure",
"recommendationType": "IoT_Baseline",
"status": "Enabled"
},
{
"name": "Edge Hub memory can be optimized",
"recommendationType": "IoT_EdgeHubMemOptimize",
"status": "Enabled"
},
{
"name": "No Logging Configured for Edge Module",
"recommendationType": "IoT_EdgeLoggingOptions",
"status": "Enabled"
},
{
"name": "Module Settings Inconsistent in SecurityGroup",
"recommendationType": "IoT_InconsistentModuleSettings",
"status": "Enabled"
},
{
"name": "Install the Azure Security of Things Agent",
"recommendationType": "IoT_InstallAgent",
"status": "Enabled"
},
{
"name": "Default IP Filter Policy should be Deny",
"recommendationType": "IoT_IPFilter_DenyAll",
"status": "Enabled"
},
{
"name": "IP Filter rule includes large IP range",
"recommendationType": "IoT_IPFilter_PermissiveRule",
"status": "Enabled"
},
{
"name": "Open Ports On Device",
"recommendationType": "IoT_OpenPorts",
"status": "Disabled"
},
{
"name": "Permissive firewall policy in one of the chains was found",
"recommendationType": "IoT_PermissiveFirewallPolicy",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the input chain was found",
"recommendationType": "IoT_PermissiveInputFirewallRules",
"status": "Enabled"
},
{
"name": "Permissive firewall rule in the output chain was found",
"recommendationType": "IoT_PermissiveOutputFirewallRules",
"status": "Enabled"
},
{
"name": "High level permissions configured in Edge model twin for Edge module",
"recommendationType": "IoT_PrivilegedDockerOptions",
"status": "Enabled"
},
{
"name": "Same Authentication Credentials used by multiple devices",
"recommendationType": "IoT_SharedCredentials",
"status": "Disabled"
},
{
"name": "TLS cipher suite upgrade",
"recommendationType": "IoT_VulnerableTLSCipherSuite",
"status": "Enabled"
}
],
"status": "Enabled",
"unmaskedIpLoggingStatus": "Enabled",
"userDefinedResources": {
"query": "where type != \"microsoft.devices/iothubs\" | where name contains \"iot\"",
"querySubscriptions": [
"075423e9-7d33-4166-8bdf-3920b04e3735"
]
},
"workspace": "/subscriptions/c4930e90-cd72-4aa5-93e9-2d081d129569/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace1"
},
"tags": {},
"type": "Microsoft.Security/IoTSecuritySolutions"
}
}
}
}
}
}
}
},
"definitions": {
"IoTSecuritySolutionModel": {
"allOf": [
{
"description": "Describes an Azure resource.",
"properties": {
"id": {
"description": "Resource Id",
"readOnly": true,
"type": "string"
},
"name": {
"description": "Resource name",
"readOnly": true,
"type": "string"
},
"type": {
"description": "Resource type",
"readOnly": true,
"type": "string"
}
},
"type": "object",
"x-ms-azure-resource": true
},
{
"$ref": "#/definitions/TagsResource"
}
],
"description": "IoT Security solution configuration and resource information.",
"properties": {
"location": {
"description": "The resource location.",
"type": "string"
},
"properties": {
"$ref": "#/definitions/IoTSecuritySolutionProperties",
"description": "Security Solution data",
"x-ms-client-flatten": true
}
},
"type": "object"
},
"IoTSecuritySolutionProperties": {
"description": "Security Solution setting data",
"properties": {
"autoDiscoveredResources": {
"description": "List of resources that were automatically discovered as relevant to the security solution.",
"items": {
"type": "string"
},
"readOnly": true,
"type": "array"
},
"disabledDataSources": {
"description": "Disabled data sources. Disabling these data sources compromises the system.",
"items": {
"enum": [
"TwinData"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "DataSource",
"values": [
{
"description": "Devices twin data",
"value": "TwinData"
}
]
}
},
"type": "array"
},
"displayName": {
"description": "Resource display name.",
"type": "string"
},
"export": {
"description": "List of additional options for exporting to workspace data.",
"items": {
"enum": [
"RawEvents"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "ExportData",
"values": [
{
"description": "Agent raw events",
"value": "RawEvents"
}
]
}
},
"type": "array"
},
"iotHubs": {
"description": "IoT Hub resource IDs",
"items": {
"type": "string"
},
"type": "array"
},
"recommendationsConfiguration": {
"$ref": "#/definitions/RecommendationConfigurationList"
},
"status": {
"default": "Enabled",
"description": "Status of the IoT Security solution.",
"enum": [
"Enabled",
"Disabled"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "SecuritySolutionStatus"
}
},
"unmaskedIpLoggingStatus": {
"default": "Disabled",
"description": "Unmasked IP address logging status",
"enum": [
"Disabled",
"Enabled"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "UnmaskedIpLoggingStatus",
"values": [
{
"description": "Unmasked IP logging is disabled",
"value": "Disabled"
},
{
"description": "Unmasked IP logging is enabled",
"value": "Enabled"
}
]
}
},
"userDefinedResources": {
"$ref": "#/definitions/UserDefinedResourcesProperties"
},
"workspace": {
"description": "Workspace resource ID",
"type": "string"
}
},
"required": [
"iotHubs",
"workspace",
"displayName"
],
"type": "object"
},
"IoTSecuritySolutionsList": {
"description": "List of IoT Security solutions.",
"properties": {
"nextLink": {
"description": "The URI to fetch the next page.",
"readOnly": true,
"type": "string"
},
"value": {
"description": "List of IoT Security solutions",
"items": {
"$ref": "#/definitions/IoTSecuritySolutionModel"
},
"type": "array"
}
},
"required": [
"value"
]
},
"RecommendationConfigurationList": {
"description": "List of the configuration status for each recommendation type.",
"items": {
"$ref": "#/definitions/RecommendationConfigurationProperties"
},
"type": "array"
},
"RecommendationConfigurationProperties": {
"description": "The type of IoT Security recommendation.",
"properties": {
"name": {
"readOnly": true,
"type": "string"
},
"recommendationType": {
"description": "The type of IoT Security recommendation.",
"enum": [
"IoT_ACRAuthentication",
"IoT_AgentSendsUnutilizedMessages",
"IoT_Baseline",
"IoT_EdgeHubMemOptimize",
"IoT_EdgeLoggingOptions",
"IoT_InconsistentModuleSettings",
"IoT_InstallAgent",
"IoT_IPFilter_DenyAll",
"IoT_IPFilter_PermissiveRule",
"IoT_OpenPorts",
"IoT_PermissiveFirewallPolicy",
"IoT_PermissiveInputFirewallRules",
"IoT_PermissiveOutputFirewallRules",
"IoT_PrivilegedDockerOptions",
"IoT_SharedCredentials",
"IoT_VulnerableTLSCipherSuite"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "RecommendationType",
"values": [
{
"description": "Authentication schema used for pull an edge module from an ACR repository does not use Service Principal Authentication.",
"value": "IoT_ACRAuthentication"
},
{
"description": "IoT agent message size capacity is currently underutilized, causing an increase in the number of sent messages. Adjust message intervals for better utilization.",
"value": "IoT_AgentSendsUnutilizedMessages"
},
{
"description": "Identified security related system configuration issues.",
"value": "IoT_Baseline"
},
{
"description": "You can optimize Edge Hub memory usage by turning off protocol heads for any protocols not used by Edge modules in your solution.",
"value": "IoT_EdgeHubMemOptimize"
},
{
"description": "Logging is disabled for this edge module.",
"value": "IoT_EdgeLoggingOptions"
},
{
"description": "A minority within a device security group has inconsistent Edge Module settings with the rest of their group.",
"value": "IoT_InconsistentModuleSettings"
},
{
"description": "Install the Azure Security of Things Agent.",
"value": "IoT_InstallAgent"
},
{
"description": "IP Filter Configuration should have rules defined for allowed traffic and should deny all other traffic by default.",
"value": "IoT_IPFilter_DenyAll"
},
{
"description": "An Allow IP Filter rules source IP range is too large. Overly permissive rules might expose your IoT hub to malicious intenders.",
"value": "IoT_IPFilter_PermissiveRule"
},
{
"description": "A listening endpoint was found on the device.",
"value": "IoT_OpenPorts"
},
{
"description": "An Allowed firewall policy was found (INPUT/OUTPUT). The policy should Deny all traffic by default and define rules to allow necessary communication to/from the device.",
"value": "IoT_PermissiveFirewallPolicy"
},
{
"description": "A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.",
"value": "IoT_PermissiveInputFirewallRules"
},
{
"description": "A rule in the firewall has been found that contains a permissive pattern for a wide range of IP addresses or Ports.",
"value": "IoT_PermissiveOutputFirewallRules"
},
{
"description": "Edge module is configured to run in privileged mode, with extensive Linux capabilities or with host-level network access (send/receive data to host machine).",
"value": "IoT_PrivilegedDockerOptions"
},
{
"description": "Same authentication credentials to the IoT Hub used by multiple devices. This could indicate an illegitimate device impersonating a legitimate device. It also exposes the risk of device impersonation by an attacker.",
"value": "IoT_SharedCredentials"
},
{
"description": "Insecure TLS configurations detected. Immediate upgrade recommended.",
"value": "IoT_VulnerableTLSCipherSuite"
}
]
}
},
"status": {
"default": "Enabled",
"description": "Recommendation status. When the recommendation status is disabled recommendations are not generated.",
"enum": [
"Disabled",
"Enabled"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "RecommendationConfigStatus"
}
}
},
"required": [
"recommendationType",
"status"
],
"type": "object"
},
"TagsResource": {
"description": "A container holding only the Tags for a resource, allowing the user to update the tags.",
"properties": {
"tags": {
"additionalProperties": {
"type": "string"
},
"description": "Resource tags",
"type": "object"
}
}
},
"UpdateIoTSecuritySolutionProperties": {
"description": "Update Security Solution setting data",
"properties": {
"recommendationsConfiguration": {
"$ref": "#/definitions/RecommendationConfigurationList"
},
"userDefinedResources": {
"$ref": "#/definitions/UserDefinedResourcesProperties"
}
},
"type": "object"
},
"UpdateIotSecuritySolutionData": {
"allOf": [
{
"$ref": "#/definitions/TagsResource"
}
],
"properties": {
"properties": {
"$ref": "#/definitions/UpdateIoTSecuritySolutionProperties",
"description": "Security Solution data",
"x-ms-client-flatten": true
}
},
"type": "object"
},
"UserDefinedResourcesProperties": {
"description": "Properties of the IoT Security solution's user defined resources.",
"properties": {
"query": {
"description": "Azure Resource Graph query which represents the security solution's user defined resources. Required to start with \"where type != \"Microsoft.Devices/IotHubs\"\"",
"type": "string",
"x-nullable": true
},
"querySubscriptions": {
"description": "List of Azure subscription ids on which the user defined resources query should be executed.",
"items": {
"pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
"type": "string"
},
"type": "array",
"x-nullable": true
}
},
"required": [
"query",
"querySubscriptions"
],
"type": "object"
}
}
}