Iot Security Solutions Analytics Recommendation - Get

참조

서비스:: Defender for Cloud

API 버전:: 2019-08-01

이 방법을 사용하여 IoT 보안 솔루션의 집계된 보안 분석 권장 사항을 가져옵니다. 이 집계는 권장 사항 이름으로 수행됩니다.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/iotSecuritySolutions/{solutionName}/analyticsModels/default/aggregatedRecommendations/{aggregatedRecommendationName}?api-version=2019-08-01

URI 매개 변수

Name	In(다음 안에)	필수	형식	Description
aggregatedRecommendationName	path	True	string	이 쿼리에 대해 집계된 권장 사항의 이름입니다.
resourceGroupName	path	True	string	사용자의 구독 내에 있는 리소스 그룹의 이름입니다. 이름은 대/소문자를 구분하지 않습니다. regex 패턴: `^[-\w\._]+$`
solutionName	path	True	string	IoT 보안 솔루션의 이름입니다.
subscriptionId	path	True	string	Azure 구독 ID regex 패턴: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`
api-version	query	True	string	작업에 대한 API 버전

응답

Name	형식	Description
200 OK	IoTSecurityAggregatedRecommendation	그래
Other Status Codes	CloudError	작업이 실패한 이유를 설명하는 오류 응답입니다.

보안

azure_auth

Azure Active Directory OAuth2 Flow

형식: oauth2
Flow: implicit
권한 부여 URL: https://login.microsoftonline.com/common/oauth2/authorize

범위

Name	Description
user_impersonation	사용자 계정 가장

예제

Get the aggregated security analytics recommendation of yours IoT Security solution

샘플 요청

GET https://management.azure.com/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/iotSecuritySolutions/default/analyticsModels/default/aggregatedRecommendations/OpenPortsOnDevice?api-version=2019-08-01


/**
 * Samples for IotSecuritySolutionsAnalyticsRecommendation Get.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/
     * IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation.json
     */
    /**
     * Sample code: Get the aggregated security analytics recommendation of yours IoT Security solution.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void getTheAggregatedSecurityAnalyticsRecommendationOfYoursIoTSecuritySolution(
        com.azure.resourcemanager.security.SecurityManager manager) {
        manager.iotSecuritySolutionsAnalyticsRecommendations().getWithResponse("IoTEdgeResources", "default",
            "OpenPortsOnDevice", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation.json
func ExampleIotSecuritySolutionsAnalyticsRecommendationClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewIotSecuritySolutionsAnalyticsRecommendationClient().Get(ctx, "IoTEdgeResources", "default", "OpenPortsOnDevice", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.IoTSecurityAggregatedRecommendation = armsecurity.IoTSecurityAggregatedRecommendation{
	// 	Name: to.Ptr("/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice"),
	// 	Type: to.Ptr("Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations"),
	// 	ID: to.Ptr("/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice"),
	// 	Properties: &armsecurity.IoTSecurityAggregatedRecommendationProperties{
	// 		Description: to.Ptr("An allowed firewall policy was found in main firewall Chains (INPUT/OUTPUT). The policy should Deny all traffic by default define rules to allow necessary communication to/from the device"),
	// 		DetectedBy: to.Ptr("Microsoft"),
	// 		HealthyDevices: to.Ptr[int64](10000),
	// 		LogAnalyticsQuery: to.Ptr("SecurityRecommendation | where tolower(AssessedResourceId) == tolower('/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Devices/IotHubs/t-ofdadu-hub') and tolower(RecommendationName) == tolower('OpenPortsOnDevice')"),
	// 		RecommendationDisplayName: to.Ptr("Permissive firewall policy in one of the chains was found"),
	// 		RecommendationName: to.Ptr("OpenPortsOnDevice"),
	// 		RecommendationTypeID: to.Ptr("{20ff7fc3-e762-44dd-bd96-b71116dcdc23}"),
	// 		RemediationSteps: to.Ptr(""),
	// 		ReportedSeverity: to.Ptr(armsecurity.ReportedSeverityLow),
	// 		UnhealthyDeviceCount: to.Ptr[int64](200),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Use this method to get the aggregated security analytics recommendation of yours IoT Security solution. This aggregation is performed by recommendation name.
 *
 * @summary Use this method to get the aggregated security analytics recommendation of yours IoT Security solution. This aggregation is performed by recommendation name.
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation.json
 */
async function getTheAggregatedSecurityAnalyticsRecommendationOfYoursIoTSecuritySolution() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "075423e9-7d33-4166-8bdf-3920b04e3735";
  const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "IoTEdgeResources";
  const solutionName = "default";
  const aggregatedRecommendationName = "OpenPortsOnDevice";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.iotSecuritySolutionsAnalyticsRecommendation.get(
    resourceGroupName,
    solutionName,
    aggregatedRecommendationName,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.SecurityCenter;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2019-08-01/examples/IoTSecuritySolutionsAnalytics/GetIoTSecuritySolutionsSecurityRecommendation.json
// this example is just showing the usage of "IotSecuritySolutionsAnalyticsRecommendation_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this IotSecuritySolutionAnalyticsModelResource created on azure
// for more information of creating IotSecuritySolutionAnalyticsModelResource, please refer to the document of IotSecuritySolutionAnalyticsModelResource
string subscriptionId = "075423e9-7d33-4166-8bdf-3920b04e3735";
string resourceGroupName = "IoTEdgeResources";
string solutionName = "default";
ResourceIdentifier iotSecuritySolutionAnalyticsModelResourceId = IotSecuritySolutionAnalyticsModelResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, solutionName);
IotSecuritySolutionAnalyticsModelResource iotSecuritySolutionAnalyticsModel = client.GetIotSecuritySolutionAnalyticsModelResource(iotSecuritySolutionAnalyticsModelResourceId);

// get the collection of this IotSecurityAggregatedRecommendationResource
IotSecurityAggregatedRecommendationCollection collection = iotSecuritySolutionAnalyticsModel.GetIotSecurityAggregatedRecommendations();

// invoke the operation
string aggregatedRecommendationName = "OpenPortsOnDevice";
NullableResponse<IotSecurityAggregatedRecommendationResource> response = await collection.GetIfExistsAsync(aggregatedRecommendationName);
IotSecurityAggregatedRecommendationResource result = response.HasValue ? response.Value : null;

if (result == null)
{
    Console.WriteLine($"Succeeded with null as result");
}
else
{
    // the variable result is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    IotSecurityAggregatedRecommendationData resourceData = result.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

샘플 응답

상태 코드:: 200

{
  "id": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice",
  "name": "/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Security/IoTSecuritySolutions/Locations/eastus/default/OpenPortsOnDevice",
  "type": "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations",
  "properties": {
    "recommendationName": "OpenPortsOnDevice",
    "recommendationDisplayName": "Permissive firewall policy in one of the chains was found",
    "description": "An allowed firewall policy was found in main firewall Chains (INPUT/OUTPUT). The policy should Deny all traffic by default define rules to allow necessary communication to/from the device",
    "recommendationTypeId": "{20ff7fc3-e762-44dd-bd96-b71116dcdc23}",
    "detectedBy": "Microsoft",
    "reportedSeverity": "Low",
    "remediationSteps": "",
    "healthyDevices": 10000,
    "unhealthyDeviceCount": 200,
    "logAnalyticsQuery": "SecurityRecommendation | where tolower(AssessedResourceId) == tolower('/subscriptions/075423e9-7d33-4166-8bdf-3920b04e3735/resourceGroups/IoTEdgeResources/providers/Microsoft.Devices/IotHubs/t-ofdadu-hub') and tolower(RecommendationName) == tolower('OpenPortsOnDevice')"
  }
}

정의

Name	Description
CloudError	실패한 작업에 대한 오류 세부 정보를 반환하는 모든 Azure Resource Manager API에 대한 일반적인 오류 응답입니다. 또한 OData 오류 응답 형식을 따릅니다.
CloudErrorBody	오류 세부 정보입니다.
ErrorAdditionalInfo	리소스 관리 오류 추가 정보입니다.
IoTSecurityAggregatedRecommendation	IoT 보안 솔루션 권장 사항 정보입니다.
reportedSeverity	평가된 경고 심각도입니다.

CloudError

실패한 작업에 대한 오류 세부 정보를 반환하는 모든 Azure Resource Manager API에 대한 일반적인 오류 응답입니다. 또한 OData 오류 응답 형식을 따릅니다.

Name	형식	Description
error.additionalInfo	ErrorAdditionalInfo[]	오류 추가 정보입니다.
error.code	string	오류 코드입니다.
error.details	CloudErrorBody[]	오류 세부 정보입니다.
error.message	string	오류 메시지입니다.
error.target	string	오류 대상입니다.

CloudErrorBody

오류 세부 정보입니다.

Name	형식	Description
additionalInfo	ErrorAdditionalInfo[]	오류 추가 정보입니다.
code	string	오류 코드입니다.
details	CloudErrorBody[]	오류 세부 정보입니다.
message	string	오류 메시지입니다.
target	string	오류 대상입니다.

ErrorAdditionalInfo

리소스 관리 오류 추가 정보입니다.

Name	형식	Description
info	object	추가 정보입니다.
type	string	추가 정보 유형입니다.

IoTSecurityAggregatedRecommendation

IoT 보안 솔루션 권장 사항 정보입니다.

Name	형식	Description
id	string	리소스 ID
name	string	리소스 이름
properties.description	string	의심되는 취약성 및 의미에 대한 설명입니다.
properties.detectedBy	string	권장 사항을 만든 조직의 이름입니다.
properties.healthyDevices	integer	IoT 보안 솔루션 내의 정상 디바이스 수입니다.
properties.logAnalyticsQuery	string	영향을 받는 디바이스/경고 목록을 가져오기 위한 Log Analytics 쿼리입니다.
properties.recommendationDisplayName	string	권장 사항 유형의 표시 이름입니다.
properties.recommendationName	string	권장 사항의 이름입니다.
properties.recommendationTypeId	string	권장 사항 유형 GUID입니다.
properties.remediationSteps	string	수정에 권장되는 단계
properties.reportedSeverity	reportedSeverity	평가된 권장 사항 심각도입니다.
properties.unhealthyDeviceCount	integer	IoT Security 솔루션 내의 비정상 디바이스 수입니다.
tags	object	리소스 태그
type	string	리소스 종류

reportedSeverity

평가된 경고 심각도입니다.

Name	형식	Description
High	string
Informational	string
Low	string
Medium	string

다음을 통해 공유

Iot Security Solutions Analytics Recommendation - Get

URI 매개 변수

응답

보안

azure_auth

범위

예제

Get the aggregated security analytics recommendation of yours IoT Security solution

샘플 요청

샘플 응답

정의

CloudError

CloudErrorBody

ErrorAdditionalInfo

IoTSecurityAggregatedRecommendation

reportedSeverity

추가 리소스