구독의 보안을 사전에 개선하는 데 도움이 되는 권장 작업
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/tasks?api-version=2015-06-01-preview
선택적 매개 변수:
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/tasks?api-version=2015-06-01-preview&$filter={$filter}
URI 매개 변수
| Name |
In(다음 안에) |
필수 |
형식 |
Description |
|
ascLocation
|
path |
True
|
string
|
ASC가 구독의 데이터를 저장하는 위치입니다. 위치 가져오기에서 검색할 수 있습니다.
|
|
resourceGroupName
|
path |
True
|
string
|
사용자의 구독 내에 있는 리소스 그룹의 이름입니다. 이름은 대/소문자를 구분하지 않습니다.
regex 패턴: ^[-\w\._\(\)]+$
|
|
subscriptionId
|
path |
True
|
string
|
Azure 구독 ID
regex 패턴: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
|
|
api-version
|
query |
True
|
string
|
작업에 대한 API 버전
|
|
$filter
|
query |
|
string
|
OData 필터입니다. 선택적.
|
응답
보안
azure_auth
Azure Active Directory OAuth2 Flow
형식:
oauth2
Flow:
implicit
권한 부여 URL:
https://login.microsoftonline.com/common/oauth2/authorize
범위
| Name |
Description |
|
user_impersonation
|
사용자 계정 가장
|
예제
Get security recommendation tasks in a resource group
샘플 요청
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Security/locations/westeurope/tasks?api-version=2015-06-01-preview
/**
* Samples for Tasks ListByResourceGroup.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/preview/2015-06-01-preview/examples/Tasks/
* GetTasksResourceGroupLocation_example.json
*/
/**
* Sample code: Get security recommendation tasks in a resource group.
*
* @param manager Entry point to SecurityManager.
*/
public static void
getSecurityRecommendationTasksInAResourceGroup(com.azure.resourcemanager.security.SecurityManager manager) {
manager.tasks().listByResourceGroup("myRg", "westeurope", null, com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/preview/2015-06-01-preview/examples/Tasks/GetTasksResourceGroupLocation_example.json
func ExampleTasksClient_NewListByResourceGroupPager() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
pager := clientFactory.NewTasksClient().NewListByResourceGroupPager("myRg", "westeurope", &armsecurity.TasksClientListByResourceGroupOptions{Filter: nil})
for pager.More() {
page, err := pager.NextPage(ctx)
if err != nil {
log.Fatalf("failed to advance page: %v", err)
}
for _, v := range page.Value {
// You could use page here. We use blank identifier for just demo purposes.
_ = v
}
// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// page.TaskList = armsecurity.TaskList{
// Value: []*armsecurity.Task{
// {
// Name: to.Ptr("d55b4dc0-779c-c66c-33e5-d7bce24c4222"),
// Type: to.Ptr("Microsoft.Security/locations/tasks"),
// ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Security/locations/westeurope/tasks/d55b4dc0-779c-c66c-33e5-d7bce24c4222"),
// Properties: &armsecurity.TaskProperties{
// CreationTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-04-02T11:41:27.054Z"); return t}()),
// LastStateChangeTimeUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-04-02T11:41:27.054Z"); return t}()),
// SecurityTaskParameters: &armsecurity.TaskParameters{
// AdditionalProperties: map[string]any{
// "isDataDiskEncrypted": false,
// "isOsDiskEncrypted": false,
// "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1",
// "severity": "High",
// "uniqueKey": "EncryptionOnVmTaskParameters_/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1",
// "vmId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1",
// "vmName": "vm1",
// },
// Name: to.Ptr("EncryptionOnVm"),
// },
// State: to.Ptr("Active"),
// SubState: to.Ptr("NA"),
// },
// }},
// }
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Recommended tasks that will help improve the security of the subscription proactively
*
* @summary Recommended tasks that will help improve the security of the subscription proactively
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/preview/2015-06-01-preview/examples/Tasks/GetTasksResourceGroupLocation_example.json
*/
async function getSecurityRecommendationTasksInAResourceGroup() {
const subscriptionId =
process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const resourceGroupName = process.env["SECURITY_RESOURCE_GROUP"] || "myRg";
const ascLocation = "westeurope";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential, subscriptionId);
const resArray = new Array();
for await (let item of client.tasks.listByResourceGroup(resourceGroupName, ascLocation)) {
resArray.push(item);
}
console.log(resArray);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
// Generated from example definition: specification/security/resource-manager/Microsoft.Security/preview/2015-06-01-preview/examples/Tasks/GetTasksResourceGroupLocation_example.json
// this example is just showing the usage of "Tasks_ListByResourceGroup" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
string resourceGroupName = "myRg";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ResourceGroupSecurityTaskResource
AzureLocation ascLocation = new AzureLocation("westeurope");
ResourceGroupSecurityTaskCollection collection = resourceGroupResource.GetResourceGroupSecurityTasks(ascLocation);
// invoke the operation and iterate over the result
await foreach (ResourceGroupSecurityTaskResource item in collection.GetAllAsync())
{
// the variable item is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
SecurityTaskData resourceData = item.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}
Console.WriteLine($"Succeeded");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
샘플 응답
{
"value": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Security/locations/westeurope/tasks/d55b4dc0-779c-c66c-33e5-d7bce24c4222",
"name": "d55b4dc0-779c-c66c-33e5-d7bce24c4222",
"type": "Microsoft.Security/locations/tasks",
"properties": {
"state": "Active",
"subState": "NA",
"creationTimeUtc": "2018-04-02T11:41:27.0541014Z",
"lastStateChangeTimeUtc": "2018-04-02T11:41:27.0541014Z",
"securityTaskParameters": {
"vmId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1",
"vmName": "vm1",
"severity": "High",
"isOsDiskEncrypted": false,
"isDataDiskEncrypted": false,
"name": "EncryptionOnVm",
"uniqueKey": "EncryptionOnVmTaskParameters_/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1",
"resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.Compute/virtualMachines/vm1"
}
}
}
]
}
정의
CloudError
실패한 작업에 대한 오류 세부 정보를 반환하는 모든 Azure Resource Manager API에 대한 일반적인 오류 응답입니다. 또한 OData 오류 응답 형식을 따릅니다.
| Name |
형식 |
Description |
|
error.additionalInfo
|
ErrorAdditionalInfo[]
|
오류 추가 정보입니다.
|
|
error.code
|
string
|
오류 코드입니다.
|
|
error.details
|
CloudErrorBody[]
|
오류 세부 정보입니다.
|
|
error.message
|
string
|
오류 메시지입니다.
|
|
error.target
|
string
|
오류 대상입니다.
|
CloudErrorBody
오류 세부 정보입니다.
| Name |
형식 |
Description |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
오류 추가 정보입니다.
|
|
code
|
string
|
오류 코드입니다.
|
|
details
|
CloudErrorBody[]
|
오류 세부 정보입니다.
|
|
message
|
string
|
오류 메시지입니다.
|
|
target
|
string
|
오류 대상입니다.
|
ErrorAdditionalInfo
리소스 관리 오류 추가 정보입니다.
| Name |
형식 |
Description |
|
info
|
object
|
추가 정보입니다.
|
|
type
|
string
|
추가 정보 유형입니다.
|
SecurityTask
보안을 강화하기 위해 수행하는 것이 좋습니다.
| Name |
형식 |
Description |
|
id
|
string
|
리소스 ID
|
|
name
|
string
|
리소스 이름
|
|
properties.creationTimeUtc
|
string
|
이 작업이 UTC에서 검색된 시간
|
|
properties.lastStateChangeTimeUtc
|
string
|
이 작업의 세부 정보가 UTC에서 마지막으로 변경된 시간
|
|
properties.securityTaskParameters
|
SecurityTaskParameters
|
이름 필드에서 파생된 작업 유형에 따라 속성 집합 변경
|
|
properties.state
|
string
|
작업의 상태(활성, 해결됨 등)
|
|
properties.subState
|
string
|
작업 상태에 대한 추가 데이터
|
|
type
|
string
|
리소스 종류
|
SecurityTaskList
보안 작업 권장 사항 목록
| Name |
형식 |
Description |
|
nextLink
|
string
|
다음 페이지를 가져올 URI입니다.
|
|
value
|
SecurityTask[]
|
보안을 강화하기 위해 수행하는 것이 좋습니다.
|
SecurityTaskParameters
이름 필드에서 파생된 작업 유형에 따라 속성 집합 변경
| Name |
형식 |
Description |
|
name
|
string
|
작업 유형 이름
|