Microsoft Azure

Microsoft Azure Microsoft Defender for Cloud

Microsoft Azure Microsoft Defender for Cloud is a comprehensive security solution designed to protect cloud environments and resources from cyber threats. By continuously monitoring and analyzing data patterns, Defender for Cloud can detect and respond to potential security risks in real time. It offers a range of advanced security features such as threat intelligence, vulnerability assessment, and access control to help organizations safeguard their data and applications in the cloud.

GitHub OpenAPI

Documentation

📖
Documentation
https://learn.microsoft.com/en-us/azure/defender-for-cloud/

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/microsoft-azure/refs/heads/main/openapi/microsoft-defender-for-cloud-openapi-original.yml

OpenAPI Specification

microsoft-defender-for-cloud-openapi-original.yml Raw ↑ 
swagger: '2.0'
info:
  title: Microsoft Azure Microsoft Defender for Cloud
  description: >-
    API spec for Microsoft.Security (Microsoft Defender for Cloud) resource
    provider
  version: 2023-12-01-preview
host: management.azure.com
schemes:
  - https
consumes:
  - application/json
produces:
  - application/json
security:
  - azure_auth:
      - user_impersonation
securityDefinitions:
  azure_auth:
    type: oauth2
    authorizationUrl: https://login.microsoftonline.com/common/oauth2/authorize
    flow: implicit
    description: Azure Active Directory OAuth2 Flow
    scopes:
      user_impersonation: impersonate your user account
paths:
  /subscriptions/{subscriptionId}/providers/Microsoft.Security/securityContacts:
    get:
      x-ms-examples:
        List security contact data:
          $ref: >-
            ./examples/SecurityContacts/GetSecurityContactsSubscription_example.json
      tags:
        - Security Contacts
      description: List all security contact configurations for the subscription
      operationId: microsoftAzureSecuritycontactsList
      parameters:
        - $ref: ../../../common/v1/types.json#/parameters/ApiVersion
        - $ref: ../../../common/v1/types.json#/parameters/SubscriptionId
      responses:
        '200':
          description: OK
          schema:
            $ref: '#/definitions/SecurityContactList'
        default:
          description: Error response describing why the operation failed.
          schema:
            $ref: ../../../common/v1/types.json#/definitions/CloudError
      x-ms-pageable:
        nextLinkName: nextLink
      summary: >-
        Microsoft Azure Get Subscriptions Subscriptionid Providers Microsoft Security Securitycontacts
  /subscriptions/{subscriptionId}/providers/Microsoft.Security/securityContacts/{securityContactName}:
    get:
      x-ms-examples:
        Get a security contact:
          $ref: ./examples/SecurityContacts/GetSecurityContact_example.json
      tags:
        - Security Contacts
      description: Get Default Security contact configurations for the subscription
      operationId: microsoftAzureSecuritycontactsGet
      parameters:
        - $ref: ../../../common/v1/types.json#/parameters/ApiVersion
        - $ref: ../../../common/v1/types.json#/parameters/SubscriptionId
        - $ref: '#/parameters/SecurityContactName'
      responses:
        '200':
          description: OK
          schema:
            $ref: '#/definitions/SecurityContact'
        default:
          description: Error response describing why the operation failed.
          schema:
            $ref: ../../../common/v1/types.json#/definitions/CloudError
      summary: >-
        Microsoft Azure Get Subscriptions Subscriptionid Providers Microsoft Security Securitycontacts Securitycontactname
    put:
      x-ms-examples:
        Create security contact data:
          $ref: ./examples/SecurityContacts/CreateSecurityContact_example.json
      tags:
        - Security Contacts
      description: Create security contact configurations for the subscription
      operationId: microsoftAzureSecuritycontactsCreate
      parameters:
        - $ref: ../../../common/v1/types.json#/parameters/ApiVersion
        - $ref: ../../../common/v1/types.json#/parameters/SubscriptionId
        - $ref: '#/parameters/SecurityContactName'
        - $ref: '#/parameters/SecurityContact'
      responses:
        '200':
          description: OK
          schema:
            $ref: '#/definitions/SecurityContact'
        '201':
          description: Created
          schema:
            $ref: '#/definitions/SecurityContact'
        default:
          description: Error response describing why the operation failed.
          schema:
            $ref: ../../../common/v1/types.json#/definitions/CloudError
      summary: >-
        Microsoft Azure Put Subscriptions Subscriptionid Providers Microsoft Security Securitycontacts Securitycontactname
    delete:
      x-ms-examples:
        Deletes a security contact data:
          $ref: ./examples/SecurityContacts/DeleteSecurityContact_example.json
      tags:
        - Security Contacts
      description: Delete security contact configurations for the subscription
      operationId: microsoftAzureSecuritycontactsDelete
      parameters:
        - $ref: ../../../common/v1/types.json#/parameters/ApiVersion
        - $ref: ../../../common/v1/types.json#/parameters/SubscriptionId
        - $ref: '#/parameters/SecurityContactName'
      responses:
        '200':
          description: Security contact deleted
        '204':
          description: Security contact was not found
        default:
          description: Error response describing why the operation failed.
          schema:
            $ref: ../../../common/v1/types.json#/definitions/CloudError
      summary: >-
        Microsoft Azure Delete Subscriptions Subscriptionid Providers Microsoft Security Securitycontacts Securitycontactname
definitions:
  SecurityContactList:
    type: object
    description: List of security contacts response
    required:
      - value
    properties:
      value:
        description: List of security contacts
        type: array
        items:
          $ref: '#/definitions/SecurityContact'
      nextLink:
        readOnly: true
        type: string
        description: The URI to fetch the next page.
  SecurityContact:
    type: object
    description: >-
      Contact details and configurations for notifications coming from Microsoft
      Defender for Cloud.
    properties:
      properties:
        x-ms-client-flatten: true
        description: Security contact data
        $ref: '#/definitions/SecurityContactProperties'
    allOf:
      - $ref: ../../../common/v1/types.json#/definitions/Resource
  SecurityContactProperties:
    type: object
    description: Describes security contact properties
    properties:
      emails:
        type: string
        description: >-
          List of email addresses which will get notifications from Microsoft
          Defender for Cloud by the configurations defined in this security
          contact.
      phone:
        type: string
        description: The security contact's phone number
      isEnabled:
        type: boolean
        description: Indicates whether the security contact is enabled.
      notificationsSources:
        type: array
        description: A collection of sources types which evaluate the email notification.
        items:
          $ref: '#/definitions/NotificationsSource'
        x-ms-identifiers: []
      notificationsByRole:
        type: object
        description: >-
          Defines whether to send email notifications from Microsoft Defender
          for Cloud to persons with specific RBAC roles on the subscription.
        properties:
          state:
            type: string
            description: >-
              Defines whether to send email notifications from AMicrosoft
              Defender for Cloud to persons with specific RBAC roles on the
              subscription.
            enum:
              - 'On'
              - 'Off'
            x-ms-enum:
              name: state
              modelAsString: true
              values:
                - value: 'On'
                  description: Send notification on new alerts to the subscription's admins
                - value: 'Off'
                  description: >-
                    Don't send notification on new alerts to the subscription's
                    admins
          roles:
            type: array
            description: >-
              Defines which RBAC roles will get email notifications from
              Microsoft Defender for Cloud. List of allowed RBAC roles: 
            items:
              $ref: '#/definitions/SecurityContactRole'
  NotificationsSource:
    type: object
    description: A valid notification source type
    discriminator: sourceType
    required:
      - sourceType
    properties:
      sourceType:
        type: string
        description: The source type that will trigger the notification
        enum:
          - Alert
          - AttackPath
        x-ms-enum:
          name: sourceType
          modelAsString: true
  NotificationsSourceAlert:
    type: object
    description: Alert notification source
    x-ms-discriminator-value: Alert
    allOf:
      - $ref: '#/definitions/NotificationsSource'
    properties:
      minimalSeverity:
        type: object
        $ref: '#/definitions/MinimalSeverity'
        description: ''
  MinimalSeverity:
    type: string
    description: >-
      Defines the minimal alert severity which will be sent as email
      notifications
    enum:
      - High
      - Medium
      - Low
    x-ms-enum:
      name: minimalSeverity
      modelAsString: true
      values:
        - value: High
          description: Get notifications on new alerts with High severity
        - value: Medium
          description: Get notifications on new alerts with Medium or High severity
        - value: Low
          description: Get notifications on new alerts with Low, Medium or High severity
  NotificationsSourceAttackPath:
    type: object
    description: Attack path notification source
    x-ms-discriminator-value: AttackPath
    allOf:
      - $ref: '#/definitions/NotificationsSource'
    properties:
      minimalRiskLevel:
        type: object
        $ref: '#/definitions/MinimalRiskLevel'
        description: >-
          Defines the minimal attach path risk level which will be sent as email
          notifications
  MinimalRiskLevel:
    type: string
    description: >-
      Defines the minimal attack path risk level which will be sent as email
      notifications
    enum:
      - Critical
      - High
      - Medium
      - Low
    x-ms-enum:
      name: minimalRiskLevel
      modelAsString: true
      values:
        - value: Critical
          description: Get notifications on new attack paths with Critical risk level
        - value: High
          description: >-
            Get notifications on new attack paths with High or Critical risk
            level
        - value: Medium
          description: >-
            Get notifications on new attach paths with Medium, High or Critical
            risk level
        - value: Low
          description: >-
            Get notifications on new attach paths with Low, Medium, High or
            Critical risk level
  State:
    type: string
    description: Defines if email notifications will be sent about new security events
    enum:
      - 'On'
      - 'Off'
    x-ms-enum:
      name: state
      modelAsString: true
      values:
        - value: 'On'
          description: Get notifications on new events
        - value: 'Off'
          description: Don't get notifications on new events
  SecurityContactRole:
    type: string
    description: A possible role to configure sending security notification alerts to
    enum:
      - AccountAdmin
      - ServiceAdmin
      - Owner
      - Contributor
    x-ms-enum:
      name: securityContactRole
      modelAsString: true
      values:
        - value: AccountAdmin
          description: If enabled, send notification on new alerts to the account admins
        - value: ServiceAdmin
          description: If enabled, send notification on new alerts to the service admins
        - value: Owner
          description: >-
            If enabled, send notification on new alerts to the subscription
            owners
        - value: Contributor
          description: >-
            If enabled, send notification on new alerts to the subscription
            contributors
parameters:
  SecurityContactName:
    name: securityContactName
    type: string
    enum:
      - default
    x-ms-enum:
      name: securityContactName
      modelAsString: true
      values:
        - value: default
          description: The single applicable name of the security contact object
    in: path
    required: true
    pattern: ^(default)$
    minLength: 7
    maxLength: 7
    description: Name of the security contact object
    x-ms-parameter-location: method
  SecurityContact:
    name: securityContact
    in: body
    required: true
    description: Security contact object
    schema:
      $ref: '#/definitions/SecurityContact'
    x-ms-parameter-location: method
tags:
  - name: Security Contacts