Microsoft Azure Security Center

Microsoft Azure Security Center is a comprehensive cloud security solution that provides advanced threat protection across all hybrid cloud workloads. It continuously monitors and analyzes security data from various sources, such as Azure resources, networks, and applications, to identify and respond to potential security threats in real time.

OpenAPI Specification

# Swagger 2.0 description of the Microsoft.Security (Azure Security Center)
# resource provider. The paths declared below all concern securityConnectors.
swagger: '2.0'
info:
  title: Microsoft Azure Security Center
  description: API spec for Microsoft.Security (Azure Security Center) resource provider
  version: 2024-03-01-preview
# `https` is the only scheme listed, so a conforming client has no plaintext
# transport option for these operations.
host: management.azure.com
schemes:
  - https
consumes:
  - application/json
produces:
  - application/json
# Document-wide security requirement: an azure_auth token carrying the
# user_impersonation scope. An operation without its own `security` key
# inherits this requirement.
security:
  - azure_auth:
      - user_impersonation
securityDefinitions:
  azure_auth:
    type: oauth2
    authorizationUrl: https://login.microsoftonline.com/common/oauth2/authorize
    # NOTE(review): implicit is the only flow declared and user_impersonation
    # the only scope, so this spec expresses no per-operation least privilege
    # (read vs. write vs. delete). Presumably authorization is decided
    # server-side from the caller's role assignments; confirm.
    flow: implicit
    description: Azure Active Directory OAuth2 Flow
    scopes:
      user_impersonation: impersonate your user account
paths:
  # Lists every security connector in a subscription, paged via `nextLink`.
  # There is no operation-level `security` key, so the document-wide azure_auth
  # requirement applies. Each returned SecurityConnector carries the connected
  # account/project identifier and, through `offerings`, role ARNs and
  # service-account addresses, so read access amounts to an inventory of the
  # subscription's cross-cloud trust relationships.
  /subscriptions/{subscriptionId}/providers/Microsoft.Security/securityConnectors:
    get:
      x-ms-examples:
        List all security connectors of a specified subscription:
          $ref: >-
            ./examples/SecurityConnectors/GetSecurityConnectorsSubscription_example.json
      tags:
        - SecurityConnectors
      description: >-
        Lists all the security connectors in the specified subscription. Use the
        'nextLink' property in the response to get the next page of security
        connectors for the specified subscription.
      operationId: microsoftAzureSecurityconnectorsList
      parameters:
        # Both parameters are defined in an external file, so any pattern or
        # length validation on them cannot be checked from this document.
        - $ref: ../../../common/v1/types.json#/parameters/ApiVersion
        - $ref: ../../../common/v1/types.json#/parameters/SubscriptionId
      responses:
        '200':
          description: OK
          schema:
            $ref: '#/definitions/SecurityConnectorsList'
        # Every non-200 outcome, including authn/authz failures, falls under
        # this single CloudError shape; no specific 401/403 is declared.
        default:
          description: Error response that describes why the operation failed.
          schema:
            $ref: ../../../common/v1/types.json#/definitions/CloudError
      # Tells client generators which response property holds the next-page URI.
      x-ms-pageable:
        nextLinkName: nextLink
      summary: >-
        Microsoft Azure Get Subscriptions Subscriptionid Providers Microsoft Security Securityconnectors
  # Same listing as the subscription-level path, narrowed to one resource
  # group. It inherits the document-wide azure_auth requirement and returns the
  # same SecurityConnectorsList shape, so the same inventory-disclosure
  # consideration applies at resource-group scope.
  /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors:
    get:
      x-ms-examples:
        List all security connectors of a specified resource group:
          $ref: >-
            ./examples/SecurityConnectors/GetSecurityConnectorsResourceGroup_example.json
      tags:
        - SecurityConnectors
      description: >-
        Lists all the security connectors in the specified resource group. Use
        the 'nextLink' property in the response to get the next page of security
        connectors for the specified resource group.
      operationId: microsoftAzureSecurityconnectorsListbyresourcegroup
      parameters:
        # All three parameters are defined in an external file; their
        # validation rules are not visible from this document.
        - $ref: ../../../common/v1/types.json#/parameters/ApiVersion
        - $ref: ../../../common/v1/types.json#/parameters/SubscriptionId
        - $ref: ../../../common/v1/types.json#/parameters/ResourceGroupName
      responses:
        '200':
          description: OK
          schema:
            $ref: '#/definitions/SecurityConnectorsList'
        # Catch-all error shape; no explicit 401/403 response is declared.
        default:
          description: Error response that describes why the operation failed.
          schema:
            $ref: ../../../common/v1/types.json#/definitions/CloudError
      # Tells client generators which response property holds the next-page URI.
      x-ms-pageable:
        nextLinkName: nextLink
      summary: >-
        Microsoft Azure Get Subscriptions Subscriptionid Resourcegroups Resourcegroupname Providers Microsoft Security Securityconnectors
  # Single-connector resource: read, upsert, partial update and delete.
  # Written in explicit-key form (`? key` / `: value`); it parses to the same
  # kind of mapping entry as the plain `key:` form used by the other paths.
  # None of the four operations sets its own `security`, so each inherits the
  # document-wide azure_auth requirement. The spec therefore does not separate
  # read from write or delete at the scope level.
  ? /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}
  : get:
      # GET returns one SecurityConnector, including its offerings and the
      # role ARNs / service-account addresses configured on them.
      x-ms-examples:
        Retrieve a security connector:
          $ref: >-
            ./examples/SecurityConnectors/GetSecurityConnectorSingleResource_example.json
      tags:
        - SecurityConnectors
      description: Retrieves details of a specific security connector
      operationId: microsoftAzureSecurityconnectorsGet
      parameters:
        - $ref: ../../../common/v1/types.json#/parameters/ApiVersion
        - $ref: ../../../common/v1/types.json#/parameters/SubscriptionId
        - $ref: ../../../common/v1/types.json#/parameters/ResourceGroupName
        # Local reference; the `parameters` section that defines it is not in
        # the visible part of this file, so its constraints are unverified.
        - $ref: '#/parameters/securityConnectorName'
      responses:
        '200':
          description: OK
          schema:
            $ref: '#/definitions/SecurityConnector'
        default:
          description: Error response that describes why the operation failed.
          schema:
            $ref: ../../../common/v1/types.json#/definitions/CloudError
      summary: >-
        Microsoft Azure Get Subscriptions Subscriptionid Resourcegroups Resourcegroupname Providers Microsoft Security Securityconnectors Securityconnectorname
    # PUT is an upsert: per the description, repeating the request for an
    # existing connector id updates it rather than failing. 200 and 201 both
    # return the resulting SecurityConnector.
    # NOTE(review): the body parameter (securityConnectorInBody) is defined
    # outside the visible part of this file; presumably it is a
    # SecurityConnector, i.e. the place where role ARNs, service-account
    # addresses and exclusion lists are set. If so, this operation changes
    # what the connector trusts and covers and is worth auditing; confirm.
    put:
      x-ms-examples:
        Create or update a security connector:
          $ref: ./examples/SecurityConnectors/PutSecurityConnector_example.json
      tags:
        - SecurityConnectors
      description: >-
        Creates or updates a security connector. If a security connector is
        already created and a subsequent request is issued for the same security
        connector id, then it will be updated.
      operationId: microsoftAzureSecurityconnectorsCreateorupdate
      parameters:
        - $ref: ../../../common/v1/types.json#/parameters/ApiVersion
        - $ref: ../../../common/v1/types.json#/parameters/SubscriptionId
        - $ref: ../../../common/v1/types.json#/parameters/ResourceGroupName
        - $ref: '#/parameters/securityConnectorName'
        - $ref: '#/parameters/securityConnectorInBody'
      responses:
        '200':
          description: OK
          schema:
            $ref: '#/definitions/SecurityConnector'
        '201':
          description: Created
          schema:
            $ref: '#/definitions/SecurityConnector'
        default:
          description: Error response that describes why the operation failed.
          schema:
            $ref: ../../../common/v1/types.json#/definitions/CloudError
      summary: >-
        Microsoft Azure Put Subscriptions Subscriptionid Resourcegroups Resourcegroupname Providers Microsoft Security Securityconnectors Securityconnectorname
    # PATCH references the same securityConnectorInBody parameter as PUT, so
    # this spec does not declare a narrower partial-update schema.
    patch:
      x-ms-examples:
        Update a security connector:
          $ref: ./examples/SecurityConnectors/PatchSecurityConnector_example.json
      tags:
        - SecurityConnectors
      description: Updates a security connector
      operationId: microsoftAzureSecurityconnectorsUpdate
      parameters:
        - $ref: ../../../common/v1/types.json#/parameters/ApiVersion
        - $ref: ../../../common/v1/types.json#/parameters/SubscriptionId
        - $ref: ../../../common/v1/types.json#/parameters/ResourceGroupName
        - $ref: '#/parameters/securityConnectorName'
        - $ref: '#/parameters/securityConnectorInBody'
      responses:
        '200':
          description: OK
          schema:
            $ref: '#/definitions/SecurityConnector'
        default:
          description: Error response that describes why the operation failed.
          schema:
            $ref: ../../../common/v1/types.json#/definitions/CloudError
      summary: >-
        Microsoft Azure Patch Subscriptions Subscriptionid Resourcegroups Resourcegroupname Providers Microsoft Security Securityconnectors Securityconnectorname
    # DELETE declares two success codes (200 and 204), neither with a body.
    # NOTE(review): removing a connector presumably ends monitoring of the
    # connected environment; an unexpected delete is a visibility-loss event
    # worth alerting on. Confirm against the service documentation.
    delete:
      x-ms-examples:
        Delete a security connector:
          $ref: ./examples/SecurityConnectors/DeleteSecurityConnector_example.json
      tags:
        - SecurityConnectors
      operationId: microsoftAzureSecurityconnectorsDelete
      description: Deletes a security connector.
      parameters:
        - $ref: ../../../common/v1/types.json#/parameters/ApiVersion
        - $ref: ../../../common/v1/types.json#/parameters/SubscriptionId
        - $ref: ../../../common/v1/types.json#/parameters/ResourceGroupName
        - $ref: '#/parameters/securityConnectorName'
      responses:
        '200':
          description: The resource was deleted successfully
        '204':
          description: NoContent
        default:
          description: Error response that describes why the operation failed.
          schema:
            $ref: ../../../common/v1/types.json#/definitions/CloudError
      summary: >-
        Microsoft Azure Delete Subscriptions Subscriptionid Resourcegroups Resourcegroupname Providers Microsoft Security Securityconnectors Securityconnectorname
definitions:
  # Page envelope returned by both list operations: `value` is mandatory,
  # `nextLink` appears when more pages exist.
  SecurityConnectorsList:
    type: object
    description: List of security connectors response.
    required:
      - value
    properties:
      value:
        type: array
        description: The list of security connectors under the given scope.
        items:
          $ref: '#/definitions/SecurityConnector'
      # Server-supplied URI (readOnly), typed as an unconstrained string.
      # NOTE(review): a client that follows it with its bearer token attached
      # should check that it still targets the expected host before sending
      # the Authorization header.
      nextLink:
        readOnly: true
        type: string
        description: The URI to fetch the next page.
  # One connector resource: the TrackedResource fields (via allOf) plus
  # systemData and the connector-specific `properties` bag.
  SecurityConnector:
    type: object
    description: The security connector resource.
    properties:
      # NOTE(review): `readOnly`, `type` and `description` sit next to `$ref`.
      # Under JSON Reference rules siblings of `$ref` are ignored, so a strict
      # resolver may drop the readOnly marking on this audit metadata; confirm
      # how the tooling in use treats it.
      systemData:
        readOnly: true
        type: object
        description: >-
          Azure Resource Manager metadata containing createdBy and modifiedBy
          information.
        $ref: >-
          ../../../../../common-types/resource-management/v2/types.json#/definitions/systemData
      # x-ms-client-flatten asks client generators to surface the nested
      # SecurityConnectorProperties fields directly on the connector model.
      properties:
        x-ms-client-flatten: true
        description: Security connector data
        $ref: '#/definitions/SecurityConnectorProperties'
    allOf:
      - $ref: ../../../common/v1/types.json#/definitions/TrackedResource
  # Connector configuration: which external environment is connected, which
  # offerings run against it, and the environment-specific settings.
  SecurityConnectorProperties:
    type: object
    description: A set of properties that defines the security connector configuration.
    properties:
      # Identifies the external account or project. Declared as a plain string
      # with no pattern, so the schema does not validate its shape.
      hierarchyIdentifier:
        type: string
        description: >-
          The multi cloud resource identifier (account id in case of AWS
          connector, project number in case of GCP connector).
      hierarchyIdentifierTrialEndDate:
        type: string
        format: date-time
        readOnly: true
        description: >-
          The date on which the trial period will end, if applicable. Trial
          period exists for 30 days after upgrading to payed offerings.
      # modelAsString: true makes this an extensible enum: generated clients
      # model it as a string, so values outside the list are not rejected
      # client-side.
      environmentName:
        type: string
        description: The multi cloud resource's cloud name.
        enum:
          - Azure
          - AWS
          - GCP
          - Github
          - AzureDevOps
          - GitLab
        x-ms-enum:
          name: cloudName
          modelAsString: true
      # Each item is a cloudOffering subtype selected by `offeringType`; the
      # subtypes hold the role ARNs / service accounts used for access.
      # The empty x-ms-identifiers list declares that items have no id key.
      offerings:
        type: array
        description: A collection of offerings for the security connector.
        items:
          $ref: '#/definitions/cloudOffering'
        x-ms-identifiers: []
      # `type` and `description` are siblings of `$ref` here; strict resolvers
      # ignore them and use only the referenced EnvironmentData schema.
      environmentData:
        type: object
        description: The security connector environment data.
        $ref: '#/definitions/EnvironmentData'
  # Polymorphic base for per-environment settings. `environmentType` is the
  # discriminator; each subtype declares its own x-ms-discriminator-value.
  # The list has no Azure entry even though environmentName allows `Azure`.
  EnvironmentData:
    type: object
    description: The security connector environment data.
    discriminator: environmentType
    required:
      - environmentType
    properties:
      environmentType:
        type: string
        description: The type of the environment data.
        enum:
          - AwsAccount
          - GcpProject
          - GithubScope
          - AzureDevOpsScope
          - GitlabScope
        # Extensible enum: values are not validated by generated clients.
        x-ms-enum:
          name: environmentType
          modelAsString: true
  # EnvironmentData subtype selected when environmentType is `AwsAccount`.
  AwsEnvironmentData:
    type: object
    description: The AWS connector environment data
    x-ms-discriminator-value: AwsAccount
    allOf:
      - $ref: '#/definitions/EnvironmentData'
    properties:
      organizationalData:
        type: object
        description: The AWS account's organizational data
        $ref: '#/definitions/AwsOrganizationalData'
      # Free-form region names with no enum or pattern. Per the description
      # this is the set of regions that get scanned.
      # NOTE(review): presumably regions left out are not scanned, which would
      # make this list a coverage boundary; confirm.
      regions:
        type: array
        description: list of regions to scan
        items:
          type: string
          description: AWS regions names
      accountName:
        type: string
        description: The AWS account name
        readOnly: true
      # The 1-24 hour range exists only in the description; no
      # minimum/maximum is declared, so the schema itself does not enforce it.
      scanInterval:
        type: integer
        format: int64
        description: Scan interval in hours (value should be between 1-hour to 24-hours)
  # Polymorphic base describing how the AWS account relates to an
  # organization; `organizationMembershipType` selects the Member or
  # Organization subtype.
  AwsOrganizationalData:
    type: object
    description: The AWS organization data
    discriminator: organizationMembershipType
    required:
      - organizationMembershipType
    properties:
      organizationMembershipType:
        type: string
        description: The multi cloud account's membership type in the organization
        enum:
          - Member
          - Organization
        # Extensible enum: values are not validated by generated clients.
        x-ms-enum:
          name: organizationMembershipType
          modelAsString: true
  # AwsOrganizationalData subtype for the organization-level (master) account,
  # selected by the discriminator value `Organization`.
  AwsOrganizationalDataMaster:
    type: object
    description: The AWS organization data for the master account
    x-ms-discriminator-value: Organization
    allOf:
      - $ref: '#/definitions/AwsOrganizationalData'
    properties:
      stacksetName:
        type: string
        description: >-
          If the multi cloud account is of membership type organization, this
          will be the name of the onboarding stackset
      # Accounts listed here are excluded from the offering, i.e. this list
      # reduces coverage. Items are unconstrained strings.
      # NOTE(review): additions to this list are worth reviewing like any
      # other monitoring exemption.
      excludedAccountIds:
        type: array
        description: >-
          If the multi cloud account is of membership type organization, list of
          accounts excluded from offering
        items:
          type: string
          description: account IDs
  # AwsOrganizationalData subtype for a member account, selected by the
  # discriminator value `Member`.
  AwsOrganizationalDataMember:
    type: object
    description: The AWS organization data for the member account
    x-ms-discriminator-value: Member
    allOf:
      - $ref: '#/definitions/AwsOrganizationalData'
    properties:
      # Writable, unconstrained string naming the account's parent.
      parentHierarchyId:
        type: string
        description: >-
          If the multi cloud account is not of membership type organization,
          this will be the ID of the account's parent
  # EnvironmentData subtype selected when environmentType is `GcpProject`.
  GcpProjectEnvironmentData:
    type: object
    description: The GCP project connector environment data
    x-ms-discriminator-value: GcpProject
    allOf:
      - $ref: '#/definitions/EnvironmentData'
    properties:
      organizationalData:
        type: object
        description: The Gcp project's organizational data
        $ref: '#/definitions/GcpOrganizationalData'
      projectDetails:
        type: object
        description: The Gcp project's details
        $ref: '#/definitions/GcpProjectDetails'
      # The 1-24 hour range exists only in the description; no
      # minimum/maximum is declared, so the schema itself does not enforce it.
      scanInterval:
        type: integer
        format: int64
        description: Scan interval in hours (value should be between 1-hour to 24-hours)
  # Identifies the GCP project behind the connector. projectNumber and
  # projectId are caller-writable; the pool id and project name are readOnly.
  GcpProjectDetails:
    type: object
    description: The details about the project represented by the security connector
    properties:
      projectNumber:
        type: string
        description: The unique GCP Project number
      projectId:
        type: string
        description: The GCP Project id
      # Server-populated: the workload identity federation pool is reported
      # back, not chosen by the caller.
      workloadIdentityPoolId:
        readOnly: true
        type: string
        description: The GCP workload identity federation pool id
      projectName:
        readOnly: true
        type: string
        description: GCP project name
  # Polymorphic base describing how the GCP project relates to an
  # organization; `organizationMembershipType` selects the Member or
  # Organization subtype.
  GcpOrganizationalData:
    type: object
    description: The gcpOrganization data
    discriminator: organizationMembershipType
    required:
      - organizationMembershipType
    properties:
      organizationMembershipType:
        type: string
        description: The multi cloud account's membership type in the organization
        enum:
          - Member
          - Organization
        # Extensible enum: values are not validated by generated clients.
        x-ms-enum:
          name: organizationMembershipType
          modelAsString: true
  # GcpOrganizationalData subtype for the organization-level onboarding,
  # selected by the discriminator value `Organization`.
  GcpOrganizationalDataOrganization:
    type: object
    description: The gcpOrganization data for the parent account
    x-ms-discriminator-value: Organization
    allOf:
      - $ref: '#/definitions/GcpOrganizationalData'
    properties:
      # Projects listed here are excluded from the offering, i.e. this list
      # reduces coverage. The description text speaks of "accounts" although
      # the property holds project numbers.
      # NOTE(review): additions to this list are worth reviewing like any
      # other monitoring exemption.
      excludedProjectNumbers:
        type: array
        description: >-
          If the multi cloud account is of membership type organization, list of
          accounts excluded from offering
        items:
          type: string
          description: account IDs
      # The next two properties name the GCP identities used at organization
      # level. Both are writable, unconstrained strings, so changing them
      # changes which identity the connector relies on.
      serviceAccountEmailAddress:
        type: string
        description: >-
          The service account email address which represents the organization
          level permissions container.
      workloadIdentityProviderId:
        type: string
        description: >-
          The GCP workload identity provider id which represents the permissions
          required to auto provision security connectors
      organizationName:
        readOnly: true
        type: string
        description: GCP organization name
  # GcpOrganizationalData subtype for a member project, selected by the
  # discriminator value `Member`.
  GcpOrganizationalDataMember:
    type: object
    description: The gcpOrganization data for the member account
    x-ms-discriminator-value: Member
    allOf:
      - $ref: '#/definitions/GcpOrganizationalData'
    properties:
      # Both properties are writable, unconstrained strings.
      parentHierarchyId:
        type: string
        description: >-
          If the multi cloud account is not of membership type organization,
          this will be the ID of the project's parent
      managementProjectNumber:
        type: string
        description: The GCP management project number from organizational onboarding
  # EnvironmentData subtype for `GithubScope`. It declares no properties of
  # its own, so no connection or credential settings are modelled here.
  GithubScopeEnvironmentData:
    type: object
    description: The github scope connector's environment data
    x-ms-discriminator-value: GithubScope
    allOf:
      - $ref: '#/definitions/EnvironmentData'
    properties: {}
  # EnvironmentData subtype for `AzureDevOpsScope`. It declares no properties
  # of its own, so no connection or credential settings are modelled here.
  AzureDevOpsScopeEnvironmentData:
    type: object
    description: The AzureDevOps scope connector's environment data
    x-ms-discriminator-value: AzureDevOpsScope
    allOf:
      - $ref: '#/definitions/EnvironmentData'
    properties: {}
  # EnvironmentData subtype for `GitlabScope`. It declares no properties of
  # its own, so no connection or credential settings are modelled here.
  GitlabScopeEnvironmentData:
    type: object
    description: The GitLab scope connector's environment data
    x-ms-discriminator-value: GitlabScope
    allOf:
      - $ref: '#/definitions/EnvironmentData'
    properties: {}
  # Polymorphic base for every offering attached to a connector.
  # `offeringType` is the discriminator and the only required field.
  cloudOffering:
    type: object
    description: The security offering details
    discriminator: offeringType
    required:
      - offeringType
    properties:
      # NOTE(review): some values listed here (for example the Github,
      # AzureDevOps, GitLab and DefenderCspm entries) have no matching subtype
      # in the visible part of this file; presumably they are defined further
      # down. Confirm.
      offeringType:
        type: string
        description: The type of the security offering.
        enum:
          - CspmMonitorAws
          - DefenderForContainersAws
          - DefenderForServersAws
          - DefenderForDatabasesAws
          - CspmMonitorGcp
          - CspmMonitorGithub
          - CspmMonitorAzureDevOps
          - DefenderForServersGcp
          - DefenderForContainersGcp
          - DefenderForDatabasesGcp
          - DefenderCspmAws
          - DefenderCspmGcp
          - CspmMonitorGitLab
        # Extensible enum: values are not validated by generated clients.
        x-ms-enum:
          name: offeringType
          modelAsString: true
      description:
        type: string
        description: The offering description.
        readOnly: true
  # cloudOffering subtype selected by offeringType `CspmMonitorAws`.
  cspmMonitorAwsOffering:
    type: object
    description: The CSPM monitoring for AWS offering
    x-ms-discriminator-value: CspmMonitorAws
    allOf:
      - $ref: '#/definitions/cloudOffering'
    properties:
      nativeCloudConnection:
        type: object
        description: The native cloud connection configuration
        properties:
          # Writable, unconstrained string: no ARN pattern is declared, so the
          # schema accepts any value.
          # NOTE(review): how the role's trust policy is bound to this tenant
          # is not visible in this schema; verify on the AWS side.
          cloudRoleArn:
            type: string
            description: The cloud role ARN in AWS for this feature
  # cloudOffering subtype selected by offeringType `DefenderForContainersAws`.
  # It names several distinct AWS roles (provisioning, data reading, the
  # CloudWatch-to-Kinesis and Kinesis-to-S3 transfers, image assessment,
  # agentless discovery). Every cloudRoleArn below is a writable string with
  # no pattern, so the schema does not check that the value is a valid ARN.
  defenderForContainersAwsOffering:
    type: object
    description: The Defender for Containers AWS offering
    x-ms-discriminator-value: DefenderForContainersAws
    allOf:
      - $ref: '#/definitions/cloudOffering'
    properties:
      kubernetesService:
        type: object
        description: The kubernetes service connection configuration
        properties:
          cloudRoleArn:
            type: string
            description: >-
              The cloud role ARN in AWS for this feature used for provisioning
              resources
      kubernetesDataCollection:
        type: object
        description: The kubernetes data collection connection configuration
        properties:
          cloudRoleArn:
            type: string
            description: The cloud role ARN in AWS for this feature used for reading data
      cloudWatchToKinesis:
        type: object
        description: The cloudwatch to kinesis connection configuration
        properties:
          cloudRoleArn:
            type: string
            description: >-
              The cloud role ARN in AWS used by CloudWatch to transfer data into
              Kinesis
      kinesisToS3:
        type: object
        description: The kinesis to s3 connection configuration
        properties:
          cloudRoleArn:
            type: string
            description: The cloud role ARN in AWS used by Kinesis to transfer data into S3
      # The three enable* flags switch data collection and agent provisioning
      # on or off.
      # NOTE(review): a change to false presumably reduces visibility into the
      # cluster, so flips are worth tracking; confirm the service behaviour.
      enableAuditLogsAutoProvisioning:
        type: boolean
        description: Is audit logs data collection enabled
      enableDefenderAgentAutoProvisioning:
        type: boolean
        description: >-
          Is Microsoft Defender for Cloud Kubernetes agent auto provisioning
          enabled
      enablePolicyAgentAutoProvisioning:
        type: boolean
        description: Is Policy Kubernetes agent auto provisioning enabled
      # Retention in days for kube audit logs. No minimum is declared, so the
      # schema does not prevent a very short retention window.
      kubeAuditRetentionTime:
        type: integer
        format: int64
        description: >-
          The retention time in days of kube audit logs set on the CloudWatch
          log group
      # Confused-deputy mitigation for the data-reader role, per the
      # description. The field is writable (no readOnly) and unconstrained.
      # NOTE(review): presumably it must match the ExternalId condition in the
      # role's trust policy on the AWS side; confirm.
      dataCollectionExternalId:
        type: string
        description: >-
          The externalId used by the data reader to prevent the confused deputy
          attack
      mdcContainersImageAssessment:
        type: object
        description: The Microsoft Defender container image assessment configuration
        properties:
          enabled:
            type: boolean
            description: Is Microsoft Defender container image assessment enabled
          cloudRoleArn:
            type: string
            description: The cloud role ARN in AWS for this feature
      mdcContainersAgentlessDiscoveryK8s:
        type: object
        description: The Microsoft Defender container agentless discovery K8s configuration
        properties:
          enabled:
            type: boolean
            description: Is Microsoft Defender container agentless discovery K8s enabled
          cloudRoleArn:
            type: string
            description: The cloud role ARN in AWS for this feature
      # Composed entirely from vmScannersAws, which is not defined in the
      # visible part of this file.
      vmScanners:
        type: object
        description: >-
          The Microsoft Defender for Container K8s VM host scanning
          configuration
        allOf:
          - $ref: '#/definitions/vmScannersAws'
        properties: {}
  # cloudOffering subtype selected by offeringType `DefenderForServersAws`.
  # Besides the access role it carries the auto-provisioning switches for
  # Arc, vulnerability assessment and Defender for Endpoint, plus the sub plan.
  defenderForServersAwsOffering:
    type: object
    description: The Defender for Servers AWS offering
    x-ms-discriminator-value: DefenderForServersAws
    allOf:
      - $ref: '#/definitions/cloudOffering'
    properties:
      defenderForServers:
        type: object
        description: The Defender for servers connection configuration
        properties:
          # Writable string with no ARN pattern; not validated by the schema.
          cloudRoleArn:
            type: string
            description: The cloud role ARN in AWS for this feature
      # Composed from arcAutoProvisioningAws, which is not defined in the
      # visible part of this file.
      arcAutoProvisioning:
        type: object
        description: The ARC autoprovisioning configuration
        allOf:
          - $ref: '#/definitions/arcAutoProvisioningAws'
        properties: {}
      vaAutoProvisioning:
        type: object
        description: The Vulnerability Assessment autoprovisioning configuration
        properties:
          enabled:
            type: boolean
            description: Is Vulnerability Assessment auto provisioning enabled
          configuration:
            type: object
            description: configuration for Vulnerability Assessment autoprovisioning
            properties:
              # Extensible enum (modelAsString: true): the two listed
              # solutions are not enforced by generated clients.
              type:
                type: string
                description: >-
                  The Vulnerability Assessment solution to be provisioned. Can
                  be either 'TVM' or 'Qualys'
                enum:
                  - Qualys
                  - TVM
                x-ms-enum:
                  name: type
                  modelAsString: true
      mdeAutoProvisioning:
        type: object
        description: The Microsoft Defender for Endpoint autoprovisioning configuration
        properties:
          enabled:
            type: boolean
            description: Is Microsoft Defender for Endpoint auto provisioning enabled
          # Declared as an object with no properties.
          configuration:
            type: object
            description: configuration for Microsoft Defender for Endpoint autoprovisioning
            properties: {}
      subPlan:
        type: object
        description: configuration for the servers offering subPlan
        properties:
          type:
            type: string
            description: The available sub plans
            enum:
              - P1
              - P2
            x-ms-enum:
              name: subPlan
              modelAsString: true
      # Composed from vmScannersAws, which is not defined in the visible part
      # of this file.
      vmScanners:
        type: object
        description: The Microsoft Defender for Server VM scanning configuration
        allOf:
          - $ref: '#/definitions/vmScannersAws'
        properties: {}
  # cloudOffering subtype selected by offeringType `DefenderForDatabasesAws`.
  # NOTE(review): "Fo" in the definition name looks like a typo for "For".
  # The key is the schema's public name, so renaming it would change what
  # `$ref`s and generated models resolve to; it is left as written.
  defenderFoDatabasesAwsOffering:
    type: object
    description: The Defender for Databases AWS offering
    x-ms-discriminator-value: DefenderForDatabasesAws
    allOf:
      - $ref: '#/definitions/cloudOffering'
    properties:
      # Composed from arcAutoProvisioningAws, which is not defined in the
      # visible part of this file.
      arcAutoProvisioning:
        type: object
        description: The ARC autoprovisioning configuration
        allOf:
          - $ref: '#/definitions/arcAutoProvisioningAws'
        properties: {}
      # Each feature below pairs an on/off flag with its own role ARN. The
      # ARNs are writable strings with no pattern.
      rds:
        type: object
        description: The RDS configuration
        properties:
          enabled:
            type: boolean
            description: Is RDS protection enabled
          cloudRoleArn:
            type: string
            description: The cloud role ARN in AWS for this feature
      databasesDspm:
        type: object
        description: The databases data security posture management (DSPM) configuration
        properties:
          enabled:
            type: boolean
            description: >-
              Is databases data security posture management (DSPM) protection
              enabled
          cloudRoleArn:
            type: string
            description: The cloud role ARN in AWS for this feature
  # cloudOffering subtype selected by offeringType `CspmMonitorGcp`.
  cspmMonitorGcpOffering:
    type: object
    description: The CSPM monitoring for GCP offering
    x-ms-discriminator-value: CspmMonitorGcp
    allOf:
      - $ref: '#/definitions/cloudOffering'
    properties:
      nativeCloudConnection:
        type: object
        description: The native cloud connection configuration
        properties:
          # The provider id and service-account address together name the GCP
          # identity for this offering. Both are writable strings with no
          # format constraint (the address is not declared as an e-mail).
          workloadIdentityProviderId:
            type: string
            description: The GCP workload identity provider id for the offering
          serviceAccountEmailAddress:
            type: string
            description: The service account email address in GCP for this offering
  # cloudOffering subtype selected by offeringType `DefenderForServersGcp`.
  # It has the same layout as the AWS servers offering, with a workload
  # identity provider and service account in place of a role ARN.
  defenderForServersGcpOffering:
    type: object
    description: The Defender for Servers GCP offering configurations
    x-ms-discriminator-value: DefenderForServersGcp
    allOf:
      - $ref: '#/definitions/cloudOffering'
    properties:
      defenderForServers:
        type: object
        description: The Defender for servers connection configuration
        properties:
          # Writable strings with no format constraint.
          workloadIdentityProviderId:
            type: string
            description: The workload identity provider id in GCP for this feature
          serviceAccountEmailAddress:
            type: string
            description: The service account email address in GCP for this feature
      # Composed from arcAutoProvisioningGcp, which is not defined in the
      # visible part of this file.
      arcAutoProvisioning:
        type: object
        description: The ARC autoprovisioning configuration
        allOf:
          - $ref: '#/definitions/arcAutoProvisioningGcp'
        properties: {}
      vaAutoProvisioning:
        type: object
        description: The Vulnerability Assessment autoprovisioning configuration
        properties:
          enabled:
            type: boolean
            description: Is Vulnerability Assessment auto provisioning enabled
          configuration:
            type: object
            description: configuration for Vulnerability Assessment autoprovisioning
            properties:
              # Extensible enum (modelAsString: true): the two listed
              # solutions are not enforced by generated clients.
              type:
                type: string
                description: >-
                  The Vulnerability Assessment solution to be provisioned. Can
                  be either 'TVM' or 'Qualys'
                enum:
                  - Qualys
                  - TVM
                x-ms-enum:
                  name: type
                  modelAsString: true
      mdeAutoProvisioning:
        type: object
        description: The Microsoft Defender for Endpoint autoprovisioning configuration
        properties:
          enabled:
            type: boolean
            description: Is Microsoft Defender for Endpoint auto provisioning enabled
          # Declared as an object with no properties.
          configuration:
            type: object
            description: configuration for Microsoft Defender for Endpoint autoprovisioning
            properties: {}
      subPlan:
        type: object
        description: configuration for the servers offering subPlan
        properties:
          type:
            type: string
            description: The available sub plans
            enum:
              - P1
              - P2
            x-ms-enum:
              name: subPlan
              modelAsString: true
      # Composed from vmScannersGcp, which is not defined in the visible part
      # of this file.
      vmScanners:
        type: object
        description: The Microsoft Defender for Server VM scanning configuration
        allOf:
          - $ref: '#/definitions/vmScannersGcp'
        properties: {}
  # cloudOffering subtype selected by offeringType `DefenderForDatabasesGcp`.
  defenderForDatabasesGcpOffering:
    type: object
    description: The Defender for Databases GCP offering configurations
    x-ms-discriminator-value: DefenderForDatabasesGcp
    allOf:
      - $ref: '#/definitions/cloudOffering'
    properties:
      # Composed from arcAutoProvisioningGcp, which is not defined in the
      # visible part of this file.
      arcAutoProvisioning:
        type: object
        description: The ARC autoprovisioning configuration
        allOf:
          - $ref: '#/definitions/arcAutoProvisioningGcp'
        properties: {}
      # NOTE(review): the description repeats the "native cloud connection"
      # wording used by other offerings although the property name refers to
      # Arc auto-provisioning; which identity this configures should be
      # confirmed before relying on the text.
      defenderForDatabasesArcAutoProvisioning:
        type: object
        description: The native cloud connection configuration
        properties:
          # Writable strings with no format constraint.
          serviceAccountEmailAddress:
            type: string
            description: The service account email address in GCP for this offering
          workloadIdentityProviderId:
            type: string
            description: The GCP workload identity provider id for this offering
  defenderForContainersGcpOffering:
    type: object
    description: The containers GCP offering
    x-ms-discriminator-value: DefenderForContainersGcp
    allOf:
      - $ref: '#/definitions/cloudOffering'
    properties:
      nativeCloudConnection:
        type: object
        description: The native cloud connection configuration
        properties:
          serviceAccountEmailAddress:
            type: string
            description: The service account email address in GCP for this offering
          workloadIdentityProviderId:
            type: string
            description: The GCP workload identity provider id for this offering
      dataPipelineNativeCloudConnection:
        type: object
        description: The native cloud connection configuration
        properties:
          serviceAccountEmailAddress:
            type: string
            description: >-
              The data collection service account email address in GCP for this
              offering
          workloadIdentityProviderId:
            type: string
            description: >-
              The data collection GCP workload identity provider id for this
              offering
      enableAuditLogsAutoProvisioning:
        type: boolean
        description: Is audit logs data collection enabled
      enableDefenderAgentAutoProvisioning:
        type: boolean
        description: >-
          Is Microsoft Defender for Cloud Kubernetes agent auto provisioning
          enabled
      enablePolicyAgentAutoProvisioning:
        type: boolean
        description: Is Policy Kubernetes agent auto provisioning enabled
      mdcContainersImageAssessment:
        type: object
        description: The Microsoft Defender Container image assessment configuration
        properties:
          enabled:
            type: boolean
            description: Is Microsoft Defender container image assessment enabled
          workloadIdentityProviderId:
            type: string
            description: The workload identity provider id in GCP for this feature
          serviceAccountEmailAddress:
            type: string
            description: The service account email address in GCP for this feature
      mdcContainersAgentlessDiscoveryK8s:
        type: object
        description: The Microsoft Defender Container agentless discovery configuration
        properties:
          enabled:
            type: boolean
            description: Is Microsoft Defender container agentless discovery enabled
          workloadIdentityProviderId:
            type: string
            description: The workload identity provider id in GCP for this fea

# --- truncated at 32 KB (41 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/microsoft-azure/refs/heads/main/openapi/security-center-openapi-original.yml