Adaptive Application Controls - Put

Service:

Defender for Cloud

API Version:

2020-01-01

Alkalmazásvezérlőgép-csoport frissítése

PUT https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/applicationWhitelistings/{groupName}?api-version=2020-01-01

URI-paraméterek

Name	In	Kötelező	Típus	Description
ascLocation	path	True	string	Az a hely, ahol az ASC az előfizetés adatait tárolja. lekérhető a Helyek lekérése helyről
groupName	path	True	string	Alkalmazásvezérlőgép-csoport neve
subscriptionId	path	True	string	Azure-előfizetés azonosítója Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version	query	True	string	A művelet API-verziója

Kérelem törzse

Name	Típus	Description
properties.enforcementMode	EnforcementMode	A gépcsoport alkalmazásvezérlési szabályzat-kényszerítési/védelmi módja
properties.pathRecommendations	PathRecommendation[]	A javasolt elérési utat és annak tulajdonságait jelöli
properties.protectionMode	ProtectionMode	A gyűjtemény-/fájltípusok védelmi módja. Az Exe/Msi/Script a Windowshoz, a Végrehajtható fájl Linuxhoz használható.
properties.vmRecommendations	VmRecommendation[]	Egy gépcsoport részét képező gépet jelöl

Válaszok

Name	Típus	Description
200 OK	AdaptiveApplicationControlGroup	OK
Other Status Codes	CloudError	Hibaválasz, amely leírja, hogy a művelet miért hiúsult meg.

Biztonság

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	felhasználói fiók megszemélyesítése

Példák

Update an application control machine group by adding a new application

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1?api-version=2020-01-01

{
  "properties": {
    "enforcementMode": "Audit",
    "protectionMode": {
      "exe": "Audit",
      "msi": "None",
      "script": "None"
    },
    "vmRecommendations": [
      {
        "configurationStatus": "Configured",
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
        "recommendationAction": "Recommended",
        "enforcementSupport": "Supported"
      },
      {
        "configurationStatus": "Configured",
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
        "recommendationAction": "Recommended",
        "enforcementSupport": "Supported"
      }
    ],
    "pathRecommendations": [
      {
        "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "Everyone",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
        "type": "ProductSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "MICROSOFT® COREXT",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "C:\\directory\\file.exe",
        "action": "Add",
        "type": "File",
        "common": true
      }
    ]
  }
}

Java

import com.azure.resourcemanager.security.models.AdaptiveApplicationControlGroup;
import com.azure.resourcemanager.security.models.ConfigurationStatus;
import com.azure.resourcemanager.security.models.EnforcementMode;
import com.azure.resourcemanager.security.models.EnforcementSupport;
import com.azure.resourcemanager.security.models.FileType;
import com.azure.resourcemanager.security.models.PathRecommendation;
import com.azure.resourcemanager.security.models.ProtectionMode;
import com.azure.resourcemanager.security.models.PublisherInfo;
import com.azure.resourcemanager.security.models.RecommendationAction;
import com.azure.resourcemanager.security.models.RecommendationType;
import com.azure.resourcemanager.security.models.UserRecommendation;
import com.azure.resourcemanager.security.models.VmRecommendation;
import java.util.Arrays;

/**
 * Samples for AdaptiveApplicationControls Put.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/
     * PutAdaptiveApplicationControls_example.json
     */
    /**
     * Sample code: Update an application control machine group by adding a new application.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void updateAnApplicationControlMachineGroupByAddingANewApplication(
        com.azure.resourcemanager.security.SecurityManager manager) {
        AdaptiveApplicationControlGroup resource = manager.adaptiveApplicationControls()
            .getWithResponse("centralus", "ERELGROUP1", com.azure.core.util.Context.NONE).getValue();
        resource.update().withEnforcementMode(EnforcementMode.AUDIT)
            .withProtectionMode(new ProtectionMode().withExe(EnforcementMode.AUDIT).withMsi(EnforcementMode.NONE)
                .withScript(EnforcementMode.NONE))
            .withVmRecommendations(Arrays.asList(new VmRecommendation()
                .withConfigurationStatus(ConfigurationStatus.CONFIGURED)
                .withRecommendationAction(RecommendationAction.RECOMMENDED)
                .withResourceId(
                    "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090")
                .withEnforcementSupport(EnforcementSupport.SUPPORTED),
                new VmRecommendation().withConfigurationStatus(ConfigurationStatus.CONFIGURED)
                    .withRecommendationAction(RecommendationAction.RECOMMENDED)
                    .withResourceId(
                        "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19")
                    .withEnforcementSupport(EnforcementSupport.SUPPORTED)))
            .withPathRecommendations(Arrays.asList(
                new PathRecommendation()
                    .withPath("[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0")
                    .withAction(RecommendationAction.RECOMMENDED)
                    .withType(RecommendationType.fromString("PublisherSignature"))
                    .withPublisherInfo(
                        new PublisherInfo().withPublisherName("O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US")
                            .withProductName("*").withBinaryName("*").withVersion("0.0.0.0"))
                    .withCommon(true).withUserSids(Arrays.asList("S-1-1-0"))
                    .withUsernames(Arrays.asList(new UserRecommendation().withUsername("Everyone")
                        .withRecommendationAction(RecommendationAction.RECOMMENDED)))
                    .withFileType(FileType.EXE).withConfigurationStatus(ConfigurationStatus.CONFIGURED),
                new PathRecommendation().withPath("%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE")
                    .withAction(RecommendationAction.RECOMMENDED)
                    .withType(RecommendationType.fromString("ProductSignature"))
                    .withPublisherInfo(new PublisherInfo().withPublisherName("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN")
                        .withProductName("MICROSOFT® COREXT").withBinaryName("*").withVersion("0.0.0.0"))
                    .withCommon(true).withUserSids(Arrays.asList("S-1-1-0"))
                    .withUsernames(Arrays.asList(new UserRecommendation().withUsername("NT AUTHORITY\\SYSTEM")
                        .withRecommendationAction(RecommendationAction.RECOMMENDED)))
                    .withFileType(FileType.EXE).withConfigurationStatus(ConfigurationStatus.CONFIGURED),
                new PathRecommendation().withPath("%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE")
                    .withAction(RecommendationAction.RECOMMENDED)
                    .withType(RecommendationType.fromString("PublisherSignature"))
                    .withPublisherInfo(new PublisherInfo().withPublisherName("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN")
                        .withProductName("*").withBinaryName("*").withVersion("0.0.0.0"))
                    .withCommon(true).withUserSids(Arrays.asList("S-1-1-0"))
                    .withUsernames(Arrays.asList(new UserRecommendation().withUsername("NT AUTHORITY\\SYSTEM")
                        .withRecommendationAction(RecommendationAction.RECOMMENDED)))
                    .withFileType(FileType.EXE).withConfigurationStatus(ConfigurationStatus.CONFIGURED),
                new PathRecommendation().withPath("C:\\directory\\file.exe").withAction(RecommendationAction.ADD)
                    .withType(RecommendationType.fromString("File")).withCommon(true)))
            .apply();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/b43974e07d3204c4b6f8396627f5430994a7f7c9/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/PutAdaptiveApplicationControls_example.json
func ExampleAdaptiveApplicationControlsClient_Put() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAdaptiveApplicationControlsClient().Put(ctx, "centralus", "ERELGROUP1", armsecurity.AdaptiveApplicationControlGroup{
		Properties: &armsecurity.AdaptiveApplicationControlGroupData{
			EnforcementMode: to.Ptr(armsecurity.EnforcementModeAudit),
			PathRecommendations: []*armsecurity.PathRecommendation{
				{
					Type:                to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
					Path:                to.Ptr("[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0"),
					Action:              to.Ptr(armsecurity.RecommendationActionRecommended),
					Common:              to.Ptr(true),
					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
					FileType:            to.Ptr(armsecurity.FileTypeExe),
					PublisherInfo: &armsecurity.PublisherInfo{
						BinaryName:    to.Ptr("*"),
						ProductName:   to.Ptr("*"),
						PublisherName: to.Ptr("O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"),
						Version:       to.Ptr("0.0.0.0"),
					},
					UserSids: []*string{
						to.Ptr("S-1-1-0")},
					Usernames: []*armsecurity.UserRecommendation{
						{
							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
							Username:             to.Ptr("Everyone"),
						}},
				},
				{
					Type:                to.Ptr(armsecurity.RecommendationType("ProductSignature")),
					Path:                to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE"),
					Action:              to.Ptr(armsecurity.RecommendationActionRecommended),
					Common:              to.Ptr(true),
					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
					FileType:            to.Ptr(armsecurity.FileTypeExe),
					PublisherInfo: &armsecurity.PublisherInfo{
						BinaryName:    to.Ptr("*"),
						ProductName:   to.Ptr("MICROSOFT® COREXT"),
						PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
						Version:       to.Ptr("0.0.0.0"),
					},
					UserSids: []*string{
						to.Ptr("S-1-1-0")},
					Usernames: []*armsecurity.UserRecommendation{
						{
							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
							Username:             to.Ptr("NT AUTHORITY\\SYSTEM"),
						}},
				},
				{
					Type:                to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
					Path:                to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE"),
					Action:              to.Ptr(armsecurity.RecommendationActionRecommended),
					Common:              to.Ptr(true),
					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
					FileType:            to.Ptr(armsecurity.FileTypeExe),
					PublisherInfo: &armsecurity.PublisherInfo{
						BinaryName:    to.Ptr("*"),
						ProductName:   to.Ptr("*"),
						PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
						Version:       to.Ptr("0.0.0.0"),
					},
					UserSids: []*string{
						to.Ptr("S-1-1-0")},
					Usernames: []*armsecurity.UserRecommendation{
						{
							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
							Username:             to.Ptr("NT AUTHORITY\\SYSTEM"),
						}},
				},
				{
					Type:   to.Ptr(armsecurity.RecommendationType("File")),
					Path:   to.Ptr("C:\\directory\\file.exe"),
					Action: to.Ptr(armsecurity.RecommendationActionAdd),
					Common: to.Ptr(true),
				}},
			ProtectionMode: &armsecurity.ProtectionMode{
				Exe:    to.Ptr(armsecurity.EnforcementModeAudit),
				Msi:    to.Ptr(armsecurity.EnforcementModeNone),
				Script: to.Ptr(armsecurity.EnforcementModeNone),
			},
			VMRecommendations: []*armsecurity.VMRecommendation{
				{
					ConfigurationStatus:  to.Ptr(armsecurity.ConfigurationStatusConfigured),
					EnforcementSupport:   to.Ptr(armsecurity.EnforcementSupportSupported),
					RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
					ResourceID:           to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"),
				},
				{
					ConfigurationStatus:  to.Ptr(armsecurity.ConfigurationStatusConfigured),
					EnforcementSupport:   to.Ptr(armsecurity.EnforcementSupportSupported),
					RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
					ResourceID:           to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19"),
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.AdaptiveApplicationControlGroup = armsecurity.AdaptiveApplicationControlGroup{
	// 	Location: to.Ptr("centralus"),
	// 	Name: to.Ptr("ERELGROUP1"),
	// 	Type: to.Ptr("Microsoft.Security/applicationWhitelistings"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1"),
	// 	Properties: &armsecurity.AdaptiveApplicationControlGroupData{
	// 		ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusInProgress),
	// 		EnforcementMode: to.Ptr(armsecurity.EnforcementModeAudit),
	// 		Issues: []*armsecurity.AdaptiveApplicationControlIssueSummary{
	// 		},
	// 		PathRecommendations: []*armsecurity.PathRecommendation{
	// 			{
	// 				Type: to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
	// 				Path: to.Ptr("[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0"),
	// 				Action: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 				Common: to.Ptr(true),
	// 				ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 				FileType: to.Ptr(armsecurity.FileTypeExe),
	// 				PublisherInfo: &armsecurity.PublisherInfo{
	// 					BinaryName: to.Ptr("*"),
	// 					ProductName: to.Ptr("*"),
	// 					PublisherName: to.Ptr("O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"),
	// 					Version: to.Ptr("0.0.0.0"),
	// 				},
	// 				UserSids: []*string{
	// 					to.Ptr("S-1-1-0")},
	// 					Usernames: []*armsecurity.UserRecommendation{
	// 						{
	// 							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 							Username: to.Ptr("Everyone"),
	// 					}},
	// 				},
	// 				{
	// 					Type: to.Ptr(armsecurity.RecommendationType("ProductSignature")),
	// 					Path: to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE"),
	// 					Action: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 					Common: to.Ptr(true),
	// 					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 					FileType: to.Ptr(armsecurity.FileTypeExe),
	// 					PublisherInfo: &armsecurity.PublisherInfo{
	// 						BinaryName: to.Ptr("*"),
	// 						ProductName: to.Ptr("MICROSOFT® COREXT"),
	// 						PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
	// 						Version: to.Ptr("0.0.0.0"),
	// 					},
	// 					UserSids: []*string{
	// 						to.Ptr("S-1-1-0")},
	// 						Usernames: []*armsecurity.UserRecommendation{
	// 							{
	// 								RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 								Username: to.Ptr("NT AUTHORITY\\SYSTEM"),
	// 						}},
	// 					},
	// 					{
	// 						Type: to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
	// 						Path: to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE"),
	// 						Action: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 						Common: to.Ptr(true),
	// 						ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 						FileType: to.Ptr(armsecurity.FileTypeExe),
	// 						PublisherInfo: &armsecurity.PublisherInfo{
	// 							BinaryName: to.Ptr("*"),
	// 							ProductName: to.Ptr("*"),
	// 							PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
	// 							Version: to.Ptr("0.0.0.0"),
	// 						},
	// 						UserSids: []*string{
	// 							to.Ptr("S-1-1-0")},
	// 							Usernames: []*armsecurity.UserRecommendation{
	// 								{
	// 									RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 									Username: to.Ptr("NT AUTHORITY\\SYSTEM"),
	// 							}},
	// 						},
	// 						{
	// 							Type: to.Ptr(armsecurity.RecommendationType("File")),
	// 							Path: to.Ptr("C:\\directory\\file.exe"),
	// 							Action: to.Ptr(armsecurity.RecommendationActionAdd),
	// 							Common: to.Ptr(true),
	// 							ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusNotConfigured),
	// 							FileType: to.Ptr(armsecurity.FileTypeExe),
	// 							UserSids: []*string{
	// 								to.Ptr("S-1-1-0")},
	// 								Usernames: []*armsecurity.UserRecommendation{
	// 									{
	// 										RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 										Username: to.Ptr("Everyone"),
	// 								}},
	// 						}},
	// 						ProtectionMode: &armsecurity.ProtectionMode{
	// 							Exe: to.Ptr(armsecurity.EnforcementModeAudit),
	// 							Msi: to.Ptr(armsecurity.EnforcementModeNone),
	// 							Script: to.Ptr(armsecurity.EnforcementModeNone),
	// 						},
	// 						RecommendationStatus: to.Ptr(armsecurity.RecommendationStatusRecommended),
	// 						SourceSystem: to.Ptr(armsecurity.SourceSystemAzureAppLocker),
	// 						VMRecommendations: []*armsecurity.VMRecommendation{
	// 							{
	// 								RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 								ResourceID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"),
	// 							},
	// 							{
	// 								RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 								ResourceID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19"),
	// 						}},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Update an application control machine group
 *
 * @summary Update an application control machine group
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/PutAdaptiveApplicationControls_example.json
 */
async function updateAnApplicationControlMachineGroupByAddingANewApplication() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const ascLocation = "centralus";
  const groupName = "ERELGROUP1";
  const body = {
    enforcementMode: "Audit",
    pathRecommendations: [
      {
        type: "PublisherSignature",
        path: "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
        action: "Recommended",
        common: true,
        configurationStatus: "Configured",
        fileType: "Exe",
        publisherInfo: {
          binaryName: "*",
          productName: "*",
          publisherName: "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
          version: "0.0.0.0",
        },
        userSids: ["S-1-1-0"],
        usernames: [{ recommendationAction: "Recommended", username: "Everyone" }],
      },
      {
        type: "ProductSignature",
        path: "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
        action: "Recommended",
        common: true,
        configurationStatus: "Configured",
        fileType: "Exe",
        publisherInfo: {
          binaryName: "*",
          productName: "MICROSOFT® COREXT",
          publisherName: "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          version: "0.0.0.0",
        },
        userSids: ["S-1-1-0"],
        usernames: [
          {
            recommendationAction: "Recommended",
            username: "NT AUTHORITY\\SYSTEM",
          },
        ],
      },
      {
        type: "PublisherSignature",
        path: "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
        action: "Recommended",
        common: true,
        configurationStatus: "Configured",
        fileType: "Exe",
        publisherInfo: {
          binaryName: "*",
          productName: "*",
          publisherName: "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          version: "0.0.0.0",
        },
        userSids: ["S-1-1-0"],
        usernames: [
          {
            recommendationAction: "Recommended",
            username: "NT AUTHORITY\\SYSTEM",
          },
        ],
      },
      {
        type: "File",
        path: "C:\\directory\\file.exe",
        action: "Add",
        common: true,
      },
    ],
    protectionMode: { exe: "Audit", msi: "None", script: "None" },
    vmRecommendations: [
      {
        configurationStatus: "Configured",
        enforcementSupport: "Supported",
        recommendationAction: "Recommended",
        resourceId:
          "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
      },
      {
        configurationStatus: "Configured",
        enforcementSupport: "Supported",
        recommendationAction: "Recommended",
        resourceId:
          "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.adaptiveApplicationControls.put(ascLocation, groupName, body);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/PutAdaptiveApplicationControls_example.json
// this example is just showing the usage of "AdaptiveApplicationControls_Put" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this AdaptiveApplicationControlGroupResource created on azure
// for more information of creating AdaptiveApplicationControlGroupResource, please refer to the document of AdaptiveApplicationControlGroupResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
AzureLocation ascLocation = new AzureLocation("centralus");
string groupName = "ERELGROUP1";
ResourceIdentifier adaptiveApplicationControlGroupResourceId = AdaptiveApplicationControlGroupResource.CreateResourceIdentifier(subscriptionId, ascLocation, groupName);
AdaptiveApplicationControlGroupResource adaptiveApplicationControlGroup = client.GetAdaptiveApplicationControlGroupResource(adaptiveApplicationControlGroupResourceId);

// invoke the operation
AdaptiveApplicationControlGroupData data = new AdaptiveApplicationControlGroupData()
{
    EnforcementMode = AdaptiveApplicationControlEnforcementMode.Audit,
    ProtectionMode = new SecurityCenterFileProtectionMode()
    {
        Exe = AdaptiveApplicationControlEnforcementMode.Audit,
        Msi = AdaptiveApplicationControlEnforcementMode.None,
        Script = AdaptiveApplicationControlEnforcementMode.None,
    },
    VmRecommendations =
    {
    new VmRecommendation()
    {
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    RecommendationAction = RecommendationAction.Recommended,
    ResourceId = new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"),
    EnforcementSupport = SecurityCenterVmEnforcementSupportState.Supported,
    },new VmRecommendation()
    {
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    RecommendationAction = RecommendationAction.Recommended,
    ResourceId = new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19"),
    EnforcementSupport = SecurityCenterVmEnforcementSupportState.Supported,
    }
    },
    PathRecommendations =
    {
    new PathRecommendation()
    {
    Path = "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
    Action = RecommendationAction.Recommended,
    IotSecurityRecommendationType = new IotSecurityRecommendationType("PublisherSignature"),
    PublisherInfo = new SecurityCenterPublisherInfo()
    {
    PublisherName = "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
    ProductName = "*",
    BinaryName = "*",
    Version = "0.0.0.0",
    },
    IsCommon = true,
    UserSids =
    {
    "S-1-1-0"
    },
    Usernames =
    {
    new UserRecommendation()
    {
    Username = "Everyone",
    RecommendationAction = RecommendationAction.Recommended,
    }
    },
    FileType = PathRecommendationFileType.Exe,
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    },new PathRecommendation()
    {
    Path = "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
    Action = RecommendationAction.Recommended,
    IotSecurityRecommendationType = new IotSecurityRecommendationType("ProductSignature"),
    PublisherInfo = new SecurityCenterPublisherInfo()
    {
    PublisherName = "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
    ProductName = "MICROSOFT® COREXT",
    BinaryName = "*",
    Version = "0.0.0.0",
    },
    IsCommon = true,
    UserSids =
    {
    "S-1-1-0"
    },
    Usernames =
    {
    new UserRecommendation()
    {
    Username = "NT AUTHORITY\\SYSTEM",
    RecommendationAction = RecommendationAction.Recommended,
    }
    },
    FileType = PathRecommendationFileType.Exe,
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    },new PathRecommendation()
    {
    Path = "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
    Action = RecommendationAction.Recommended,
    IotSecurityRecommendationType = new IotSecurityRecommendationType("PublisherSignature"),
    PublisherInfo = new SecurityCenterPublisherInfo()
    {
    PublisherName = "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
    ProductName = "*",
    BinaryName = "*",
    Version = "0.0.0.0",
    },
    IsCommon = true,
    UserSids =
    {
    "S-1-1-0"
    },
    Usernames =
    {
    new UserRecommendation()
    {
    Username = "NT AUTHORITY\\SYSTEM",
    RecommendationAction = RecommendationAction.Recommended,
    }
    },
    FileType = PathRecommendationFileType.Exe,
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    },new PathRecommendation()
    {
    Path = "C:\\directory\\file.exe",
    Action = RecommendationAction.Add,
    IotSecurityRecommendationType = new IotSecurityRecommendationType("File"),
    IsCommon = true,
    }
    },
};
ArmOperation<AdaptiveApplicationControlGroupResource> lro = await adaptiveApplicationControlGroup.UpdateAsync(WaitUntil.Completed, data);
AdaptiveApplicationControlGroupResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
AdaptiveApplicationControlGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1",
  "name": "ERELGROUP1",
  "type": "Microsoft.Security/applicationWhitelistings",
  "location": "centralus",
  "properties": {
    "recommendationStatus": "Recommended",
    "enforcementMode": "Audit",
    "protectionMode": {
      "exe": "Audit",
      "msi": "None",
      "script": "None"
    },
    "vmRecommendations": [
      {
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
        "recommendationAction": "Recommended"
      },
      {
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
        "recommendationAction": "Recommended"
      }
    ],
    "pathRecommendations": [
      {
        "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "Everyone",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
        "type": "ProductSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "MICROSOFT® COREXT",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "C:\\directory\\file.exe",
        "type": "File",
        "common": true,
        "action": "Add",
        "usernames": [
          {
            "username": "Everyone",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "NotConfigured"
      }
    ],
    "configurationStatus": "InProgress",
    "issues": [],
    "sourceSystem": "Azure_AppLocker"
  }
}

Definíciók

Name	Description
AdaptiveApplicationControlGroup
AdaptiveApplicationControlIssue	Riasztás arról, hogy egy csoport gépei rendelkezhetnek
AdaptiveApplicationControlIssueSummary	A gépcsoport riasztásainak összegzését jelöli
CloudError	Az azure Resource Manager API-k gyakori hibaválasza a meghiúsult műveletek hibaadatainak visszaadásához. (Ez az OData hibaválasz formátumát is követi.)
CloudErrorBody	A hiba részletei.
ConfigurationStatus	A gépek csoportjának vagy gépének vagy szabályának konfigurációs állapota
EnforcementMode	A gépcsoport alkalmazásvezérlési szabályzat-kényszerítési/védelmi módja
EnforcementSupport	A Kényszerítés funkció gépi támogatottsága
ErrorAdditionalInfo	Az erőforrás-kezelési hiba további információi.
FileType	A fájl típusa (Linux-fájlok esetén – Végrehajtható fájl használható)
PathRecommendation	A javasolt elérési utat és annak tulajdonságait jelöli
ProtectionMode	A gyűjtemény-/fájltípusok védelmi módja. Az Exe/Msi/Script a Windowshoz, a Végrehajtható fájl Linuxhoz használható.
PublisherInfo	Egy folyamat/szabály közzétevői adatait jelöli
RecommendationAction	A gép vagy szabály javaslati művelete
RecommendationStatus	A gépcsoport vagy gép kezdeti javaslati állapota
RecommendationType	Az engedélyezendő szabály típusa
SourceSystem	A gépcsoport forrástípusa
UserRecommendation	Egy olyan felhasználót jelöl, aki számára ajánlott engedélyezni egy bizonyos szabályt
VmRecommendation	Egy gépcsoport részét képező gépet jelöl

AdaptiveApplicationControlGroup

Name	Típus	Description
id	string	Erőforrás-azonosító
location	string	Az erőforrás tárolási helye
name	string	Erőforrás neve
properties.configurationStatus	ConfigurationStatus	A gépek csoportjának vagy gépének vagy szabályának konfigurációs állapota
properties.enforcementMode	EnforcementMode	A gépcsoport alkalmazásvezérlési szabályzat-kényszerítési/védelmi módja
properties.issues	AdaptiveApplicationControlIssueSummary[]	A gépcsoport riasztásainak összegzését jelöli
properties.pathRecommendations	PathRecommendation[]	A javasolt elérési utat és annak tulajdonságait jelöli
properties.protectionMode	ProtectionMode	A gyűjtemény-/fájltípusok védelmi módja. Az Exe/Msi/Script a Windowshoz, a Végrehajtható fájl Linuxhoz használható.
properties.recommendationStatus	RecommendationStatus	A gépcsoport vagy gép kezdeti javaslati állapota
properties.sourceSystem	SourceSystem	A gépcsoport forrástípusa
properties.vmRecommendations	VmRecommendation[]	Egy gépcsoport részét képező gépet jelöl
type	string	Erőforrás típusa

AdaptiveApplicationControlIssue

Riasztás arról, hogy egy csoport gépei rendelkezhetnek

Name	Típus	Description
ExecutableViolationsAudited	string
MsiAndScriptViolationsAudited	string
MsiAndScriptViolationsBlocked	string
RulesViolatedManually	string
ViolationsAudited	string
ViolationsBlocked	string

AdaptiveApplicationControlIssueSummary

A gépcsoport riasztásainak összegzését jelöli

Name	Típus	Description
issue	AdaptiveApplicationControlIssue	Riasztás arról, hogy egy csoport gépei rendelkezhetnek
numberOfVms	number	A csoport azon gépeinek száma, amelyeken ez a riasztás található

CloudError

Az azure Resource Manager API-k gyakori hibaválasza a meghiúsult műveletek hibaadatainak visszaadásához. (Ez az OData hibaválasz formátumát is követi.)

Name	Típus	Description
error.additionalInfo	ErrorAdditionalInfo[]	A hiba további információi.
error.code	string	A hibakód.
error.details	CloudErrorBody[]	A hiba részletei.
error.message	string	A hibaüzenet.
error.target	string	A hiba célja.

CloudErrorBody

A hiba részletei.

Name	Típus	Description
additionalInfo	ErrorAdditionalInfo[]	A hiba további információi.
code	string	A hibakód.
details	CloudErrorBody[]	A hiba részletei.
message	string	A hibaüzenet.
target	string	A hiba célja.

ConfigurationStatus

A gépek csoportjának vagy gépének vagy szabályának konfigurációs állapota

Name	Típus	Description
Configured	string
Failed	string
InProgress	string
NoStatus	string
NotConfigured	string

EnforcementMode

A gépcsoport alkalmazásvezérlési szabályzat-kényszerítési/védelmi módja

Name	Típus	Description
Audit	string
Enforce	string
None	string

EnforcementSupport

A Kényszerítés funkció gépi támogatottsága

Name	Típus	Description
NotSupported	string
Supported	string
Unknown	string

ErrorAdditionalInfo

Az erőforrás-kezelési hiba további információi.

Name	Típus	Description
info	object	A további információk.
type	string	A további adattípus.

FileType

A fájl típusa (Linux-fájlok esetén – Végrehajtható fájl használható)

Name	Típus	Description
Dll	string
Exe	string
Executable	string
Msi	string
Script	string
Unknown	string

PathRecommendation

A javasolt elérési utat és annak tulajdonságait jelöli

Name	Típus	Description
action	RecommendationAction	A gép vagy szabály javaslati művelete
common	boolean	Azt jelzi, hogy az alkalmazás gyakran fut-e a gépen
configurationStatus	ConfigurationStatus	A gépek csoportjának vagy gépének vagy szabályának konfigurációs állapota
fileType	FileType	A fájl típusa (Linux-fájlok esetén – Végrehajtható fájl használható)
path	string	A fájl teljes elérési útja vagy az alkalmazás azonosítója
publisherInfo	PublisherInfo	Egy folyamat/szabály közzétevői adatait jelöli
type	RecommendationType	Az engedélyezendő szabály típusa
userSids	string[]	Biztonsági azonosító
usernames	UserRecommendation[]	Egy olyan felhasználót jelöl, aki számára ajánlott engedélyezni egy bizonyos szabályt

ProtectionMode

A gyűjtemény-/fájltípusok védelmi módja. Az Exe/Msi/Script a Windowshoz, a Végrehajtható fájl Linuxhoz használható.

Name	Típus	Description
exe	EnforcementMode	A gépcsoport alkalmazásvezérlési szabályzat-kényszerítési/védelmi módja
executable	EnforcementMode	A gépcsoport alkalmazásvezérlési szabályzat-kényszerítési/védelmi módja
msi	EnforcementMode	A gépcsoport alkalmazásvezérlési szabályzat-kényszerítési/védelmi módja
script	EnforcementMode	A gépcsoport alkalmazásvezérlési szabályzat-kényszerítési/védelmi módja

PublisherInfo

Egy folyamat/szabály közzétevői adatait jelöli

Name	Típus	Description
binaryName	string	A fájl verzióerőforrásából vett "OriginalName" mező
productName	string	A fájl verzióerőforrásából vett terméknév
publisherName	string	A kód aláírásához használt x.509-tanúsítvány Tulajdonos mezője a következő mezők használatával: O = Szervezet, L = Helység, S = Állam vagy Tartomány, C = Ország
version	string	A fájl verzióerőforrásából vett bináris fájlverzió

RecommendationAction

A gép vagy szabály javaslati művelete

Name	Típus	Description
Add	string
Recommended	string
Remove	string

RecommendationStatus

A gépcsoport vagy gép kezdeti javaslati állapota

Name	Típus	Description
NoStatus	string
NotAvailable	string
NotRecommended	string
Recommended	string

RecommendationType

Az engedélyezendő szabály típusa

Name	Típus	Description
BinarySignature	string
File	string
FileHash	string
ProductSignature	string
PublisherSignature	string
VersionAndAboveSignature	string

SourceSystem

A gépcsoport forrástípusa

Name	Típus	Description
Azure_AppLocker	string
Azure_AuditD	string
NonAzure_AppLocker	string
NonAzure_AuditD	string
None	string

UserRecommendation

Egy olyan felhasználót jelöl, aki számára ajánlott engedélyezni egy bizonyos szabályt

Name	Típus	Description
recommendationAction	RecommendationAction	A gép vagy szabály javaslati művelete
username	string	Egy olyan felhasználót jelöl, aki számára ajánlott engedélyezni egy bizonyos szabályt

VmRecommendation

Egy gépcsoport részét képező gépet jelöl

Name	Típus	Description
configurationStatus	ConfigurationStatus	A gépek csoportjának vagy gépének vagy szabályának konfigurációs állapota
enforcementSupport	EnforcementSupport	A Kényszerítés funkció gépi támogatottsága
recommendationAction	RecommendationAction	A gép vagy szabály javaslati művelete
resourceId	string	A gép teljes erőforrás-azonosítója